WALL ST. AIMS FOR ONE-DAY TRADING

Brokerages run IP test, but plan faces doubts

BY LUCAS MEARIAN
NEW YORK

A consortium of 125 financial services firms claims to be in the final stages of piloting an IP network that will allow brokerages and investment banks to settle stock trades and other transactions in a single day.

Such an accomplishment could represent a quantum leap in time and cost savings from the current 72-hour window, which itself was the result of a multibillion-dollar effort to shorten a five-day process just a few years ago.

Still, many Wall Street IT executives question whether banks, brokerages and clearinghouses have the IT infrastructures necessary to support the increased data flow required for straight-through processing or same-day clearance. Many organizations have struggled to meet three-day settlement requirements using time-intensive batch processing techniques. If securities shops can’t get past those hurdles now, the question becomes whether the return on investment from their efforts justifies spending millions of dollars to build same-day infrastructures.

Trading, page 53

ROI: People Count

Balancing personnel, payroll and training to achieve maximum ROI

Your company’s most valuable, and often most costly, IT resource is its staff - so what are you doing to protect your investment in human capital in today’s turbulent economy? In a special report that begins on page 24, learn how forward-thinking companies are using sabbaticals, reduced workweeks and other alternative approaches to avert costly and demoralizing layoffs.
Starting Friday, airlines face the daunting task of screening every checked bag on every flight. Matching bags to passengers using wireless LANs is one option, but the task of securing those networks is just as daunting.

Wireless LANs: Trouble in the Air

BY BOB BREWIN, DAN VERTON AND JENNIFER DISABATINO

AS THE AIRLINE INDUSTRY scrambles to meet a Jan. 18 deadline to screen every checked bag for explosives, security experts, analysts and government officials are raising serious concerns about the security of wireless technology that’s integral to the effort.

At issue is the use by airlines of industry-standard 802.11b, or Wi-Fi, wireless LANs operating in the 2.4-GHz band. These systems, which are widely viewed as inherently insecure, are being used to support such applications as bag matching and curbside and roving-agent check-in.

The concerns appear to be justified, based on two investigations that were conducted last week by professional security firms that analyzed airline wireless LAN systems at Denver International Air-

Wireless LANs, page 6

Inside

■ The U.S. government has given the airlines no clear direction on what technologies to use or how they should work together to improve security, critics charge. PAGE 6
■ FAQ: The technology issues and requirements within the Aviation and Transportation Security Act of 2001. PAGE 7
■ Beyond wireless: At Boston’s Logan International Airport, facial-recognition and document-authentication technologies are being tapped to boost security. PAGE 8

NEWS 6


6-8 Special report: Concerns are 
being raised about the security of 
wireless LANs used by airlines for 
applications such as bag matching 
and curbside check-in. 


10 IT workers at Tyson Foods are 
working overtime to integrate the 
operations of a meatpacker that the 
company bought in September. 


12 Microsoft CEO Steve Ballmer
says the company’s focus this year 
is on Web services, XML and .Net. 


12 Microsoft is investigating 
reports of a new security hole 
in recent versions of its Internet 
Explorer Web browser. 


16 Aircraft parts distributor Aviall 
credits its new IT systems for help- 
ing it win a $3 billion contract from 
Rolls-Royce. 


For breaking news,


updated twice daily, visit 
Computerworld.com 


www.computerworld.com/q?q4000 


HOW SAFE IS YOUR 
COMPANY? 


The Human Firewall project was 
designed to find out. 
www.computerworld.com/security 





SOLVING CYBERCRIME 


Computer forensics experts use 


an array of tools and techniques 
to nab cybercriminals both 
inside and outside affected 
organizations. PAGE 36 




23 Joe Auer says IT procurement 
managers often fail to look beyond 
their organization’s immediate 
needs by “sidetracking” end-user 
and wider-ranging enterprise 
needs. 


24 Layoffs might be the quickest 
route to achieving short-term cost 
savings, but the long-term effects 
of losing valuable intellectual capi- 
tal and cutting investments in IT 
training can be devastating. Some 
companies are considering alterna- 
tive cost-savings approaches. 


30 Training budgets are still on 
the rise as IT departments are 
looking beyond the current eco- 
nomic doldrums to invest more 
heavily in project management, 
security and soft-skills acumen. 


34 Workstyles: A look at systems 
administrator Bob Johnston, who 
runs the IT department at $70 mil- 
lion advertising and public rela- 
tions firm CJRW — by himself. 




TECHNOLOGY 35 


35 Microsoft is probably calling 
one of its new features “fast user 
switching” because Windows XP 
still isn’t a multiuser system, says 
columnist Nicholas Petreley. 


38 Intel’s chief technology officer, 
Pat Gelsinger, gives his view of 
emerging technologies that will 
have an impact on corporate IT. 


40 Digital asset management 
technology helps the Shoah Foun- 
dation ensure that the stories of 
Holocaust survivors will live on. 


43 Hands On: Upgrading a laptop 
hard drive is harder than it should 
be, according to reviews editor 
Russell Kay. 


44 Security Journal: Installing a 
system for e-signatures seems like 
a good idea, but Vince Tuesday 
finds that at least one user is 
unclear about the concept. 
HACKERS CHILL
EDITOR'S DIP 
INTO E-COMMERCE 


Computerworld’s Rob Mitchell 
describes what happened after 
someone broke into his local 
Internet service provider. 
www.computerworld.com/ecommerce 


WINDOWS XP 
SECURITY 


Is XP’s security any better than 
previous Windows versions? Post 
your opinion and read what others 
have to say in our online discus- 
sion forum. 
www.computerworld.com/q?a1460 


FORENSIC DETECTIVES 


Whether you call them cybercops 

or digital sleuths, computer forensics 
investigators are in high demand for 
solving systems crime and helping 
companies protect the bottom line, 
say IT executives like PayPal’s Ken 
Miller. PAGE 32 


OPINIONS 20 


20 Maryfran Johnson takes a 
humorous look into the future after 
Bill Gates proclaims that Windows 
XP will be the “digital hub” of the 
home. 


20 Pimm Fox says IT should take 
a bow for its unprecedented tri- 
umph of leadership during the 
successful replacement of 12 cur- 
rencies with the euro. 


21 David Moschella believes 
Web services will thrive but won't 
live up to the hype we're hearing 
from vendors. 


54 Frank Hayes urges IT leaders 
to heed a new report that under- 
scores the vulnerabilities of the 
nation’s IT infrastructure and to 
help boost security spending — 
now. 

Editorial/Letters 
How to Contact CW 
Company Index 
Shark Tank 


NEWSLETTER SIGN-UP 


Don’t forget to subscribe to 
Computerworld’s free daily and 
weekly e-mail newsletters. You 
can receive news updates twice 
each day, as well as weekly mail- 
ings on topics such as security 
and mobile/wireless technologies. 


www.computerworld.com/q?a1430
Wireless LANs: Trouble in the Air

INVESTIGATIVE REPORT

Continued from page 1

port and San Jose International Airport.

The analysis in Denver was conducted Jan. 9 by a security firm that didn’t want its identity disclosed. It revealed that American Airlines Inc. operated wireless LANs totally in the clear without any encryption in its portion of the DIA terminal.

The vulnerability of the American Airlines wireless LAN networks was highlighted by the fact that the security specialists witnessed an intrusion while conducting their monitoring. According to a report furnished to Computerworld, security of the wireless LANs supporting Fort Worth, Texas-based American’s curbside check-in stands was further compromised by the fact that the IP address of the curbside terminal was prominently pasted on the monitor.

Except for an administrative network operated by the Denver International Airport authority itself, none of the networks monitored by the security specialists had turned on even the simplest form of encryption: the 40-bit Wired Equivalent Privacy encryption algorithm.

Thubten Cumerford, CEO of Westminster, Colo.-based security firm White Hat Technologies Inc., said airlines that operate unprotected 802.11b wireless networks “are putting themselves and our nation’s security at risk.” Even when encryption is enabled, wireless LANs “are a serious liability,” Cumerford added.

A SECURITY ANALYSIS found American Airlines’ wireless LAN at the San Jose airport to be unprotected.

A scan of wireless networks at San Jose International Airport on Jan. 10 produced similar results. Jonas Luster, co-founder of D-fensive Networks Inc. in Campbell, Calif., which conducted the analysis in San Jose, said the wireless LANs there had few safeguards against intruders.

Luster said he was easily able to pick up signals and sensitive network information emanating from the wireless LANs belonging to American Airlines and Dallas-based Southwest Airlines Co. American’s curbside check-in operations could be monitored, Luster said, and Southwest’s networks were issuing information from back-end systems, including at least three Unix servers running the Solaris operating system.

RIP Weakness

“In a matter of minutes, you could sniff out whatever you wanted,” said Luster, who added that the routing infrastructure at both airlines was open to exploitation. Routing Information Protocol (RIP), a high-level language that transmits routing updates at regular intervals, can be modified easily to assist a hacker, said Luster. “By injecting a wrong RIP response, I could declare myself a legitimate, authoritative, powerful node on the network,” said Luster.

Although American acknowledged the vulnerability of the 802.11b standard, it downplayed the seriousness of the situation.

“This particular issue is a very temporary one and a very noncompromising one,” said American CIO Monte Ford. American is already on track to roll out a proprietary security system to replace 802.11b well before an industry-standard improvement is adopted, Ford said. And he added that even if a hacker was able to locate passwords, he would still be unable to access applications and databases. “A
Confusion

Airlines are implementing haphazard security systems to satisfy a political agenda because the government has given them an impossible task without any clear direction on how to effect a change, some critics charge.

“Airlines right now are in total chaos. They're in chaos because they're trying to do something that can’t be done,” said Michael Boyd, president of aviation industry consultancy The Boyd Group/ASRC Inc. in Evergreen, Colo.

Explosives-detection systems machines are unreliable, he said, and can't possibly be put in place by the end of the year as mandated by Congress. And the proposed positive bag-matching system will slow traffic in hub airports by 20%, Boyd said.

Henry Harteveldt, an analyst at Forrester Research Inc. in Cambridge, Mass., is equally concerned. “One [airline employee] described it as they are in positive-bag-match hell,” he said. “It’s as much an operational issue as a technological one.”

And the government has given no clear direction to the airlines about what technologies to implement or how they might work together, critics charge.

“None of the systems interact with one another,” Boyd said. Realistically, though, there isn't even a plan to share data with a government database. “How to share info with a federal database. We are so far from that, it’s not even worth discussing,” he said.

Airport officials are also complaining of a lack of guidance from the FAA and the Transportation Security Agency.

In an article posted at the site of the American Association of Airport Executives & Airports Council International - North America, Doug Kimmel, manager of Illinois’ Williamson County Regional Airport, said, “There has been little to no communication as to what actually needs to be changed or done differently at this airport. Instead, we have been asked by FAA what we need in order to comply. Hard question to answer when we still don’t know what we're complying with.”

- Jennifer DiSabatino
password is not a free ticket to our network, by any stretch of the imagination,” he said. “They can just see points on the network. They can’t get into applications.”

Ford said American doesn’t plan to use positive bag matching to meet the Jan. 18 deadline Congress has set for the airlines to implement some means of screening all checked baggage. It does plan to start using a bag-matching system later this year, Ford added.

American Airlines’ visibility is at least partly attributable to the fact that it has been ahead of the curve in wireless LAN deployment.

Delta Air Lines Inc., United Air Lines Inc. and Southwest Airlines all declined to comment for this story, citing security concerns. Northwest Airlines Inc. and Continental Airlines Inc. didn’t return calls seeking comment by deadline. In any case, there appears to be no coordinated effort among the airlines to address wireless security issues.

For its part, American currently uses its wireless LANs only for curbside check-in and roving agents, and Ford said that even if intruders penetrated the network, they could do little damage. That’s because American’s core systems are hosted by Fort Worth, Texas-based Sabre Inc. on an IBM transaction processing facility (TPF) system that’s generally viewed as extremely difficult to hack because of the rigid and arcane structure of TPF.

“It’s not possible that you could get into the kinds of things that could do damage,” said Richard Eastman, an airline industry consultant at Newport Beach, Calif.-based The Eastman Group.

The TPF-based reservation system is a deep matrix, with passwords embedded in each level, explained Michael Anderson, director of airport systems at Sabre.

But that doesn’t satisfy Joe Weiss, vice president of the network applications division at Annapolis, Md.-based Aeronautical Radio Inc. (Arinc), a communications services provider owned by a consortium of airlines. Weiss said he’s concerned that a hacker could use an unprotected wireless LAN to hop into core airline operational systems. These systems include flight operations, bag matching and passenger reservations. Flight operations systems manage such vital functions as refueling, maintenance and flight dispatch,

concern that access to a bag-matching system could allow an attacker to

Continued, page 8

On Legislating More Secure Air Travel

[Image: House of Representatives conference report, Aviation and Transportation Security Act, Nov. 16, 2001]

Under the Aviation and Transportation Security Act of 2001, airlines by Jan. 18 must ensure that no checked bag on a U.S. domestic airline flight contains explosives. What are their options for compliance?

■ They can scan bags through explosives-detection systems.
BUT... There are only approximately 160 such systems in use in the U.S., and Congress hasn't appropriated the $5 billion needed to buy the 2,000 machines needed to equip all U.S. airports. And the deadline didn’t allow enough time for installation of the automobile-size machines.

■ They can perform Positive Passenger Bag Match, which shows that each bag loaded in an aircraft hold matches a passenger in a seat (see diagram, page 8).
BUT... There aren't enough automated bag scan systems in place, and those that do exist rely on inherently insecure wireless LAN systems to send data reads from a bar code on a bag tag to match up with a passenger manifest.

■ They can search by means of bomb-sniffing dogs.
BUT... There aren't enough trained dogs to handle the task.

■ They can manually search every checked bag.
BUT... There aren't enough trained personnel on hand to search them.

SO... The Transportation Security Agency has recommended a combination of these high- and low-tech approaches, maintaining that it will allow the airlines to meet the mandates of Congress.

What technology enhancements does the act require the airlines to undertake to make air travel more secure? The airlines must

■ Ensure that unauthorized personnel can't gain access to computerized airline reservations systems.
■ Electronically transmit advance passenger and crew manifests on all international flights inbound to the U.S.
■ Use the FAA's Computer-Assisted Passenger Prescreening System (CAPPS) to screen all passengers before they board an aircraft. Currently, CAPPS is applied only to selected passengers.

Are the airlines being encouraged by Congress to explore any other high-tech systems to improve security? Yes. Such suggestions include

■ A Trusted Passenger Program that would provide a biometric or other tamper-proof ID to members of frequent-flier programs and other travelers who can pre-establish their bona fides for participation in the program. Besides providing a better way to positively identify these trusted passengers, the program would speed up check-in by “allowing security screening personnel to focus on those passengers who should be subject to more extensive screening.”
■ Voice-stress analysis systems to help better identify passengers who could pose a threat to an aircraft.
■ Enhanced communications systems to relay real-time video from an aircraft to controllers on the ground.

How much money is Congress appropriating? The act provides $250 million in funding over five years (2001-06) for research on advanced explosives-detection systems machines, development of integrated systems for airport security and improved technology to screen cargo.

- Bob Brewin

Bliss-less Ignorance

The skills required to secure wireless networks aren't keeping pace with the rapid build-out of wireless infrastructures, a recent survey found.

Despite growing concerns about the security of corporate wireless networks, nearly 20% of survey respondents said they lacked needed knowledge to deal with the problem, and 54% said they were only “somewhat knowledgeable.” The survey of 1,200 security professionals was conducted by Information Security magazine, published by Herndon, Va.-based security firm TruSecure Corp.

“These are all security professionals who are saying this. When you back this out to the larger [IT] population, there still seems to be somewhat of an ‘ignorance is bliss’ attitude” relating to wireless security, said Andrew Brinley, editor in chief of Information Security. Inadequate security in the Wireless Equivalent Privacy (WEP) protocol and in handheld devices continues to be a major concern for wireless users, Brinley said.

The WEP algorithm is used to protect wireless networks based on 802.11, the current wireless LAN standard, from electronic eavesdropping and unauthorized access. But a survey by researchers at the University of California, Berkeley last year, along with other reports, has revealed a number of flaws in WEP.

The Institute of Electrical and Electronics Engineers Inc. this year will introduce a new standard, 802.1x. It will use encryption keys that are unique for each user and each network session, and it will support 128-bit key lengths. It will also support the use of Remote Authentication Dial-In User Service, a central repository of authentication information for the network, and Kerberos, an authentication protocol that enables dynamic key changes.

Most of the major wireless vendors have announced plans to support the new standard with products due early next year. In fact, Cisco Systems Inc. has already introduced Lightweight Extensible Authentication Protocol (LEAP) for its Aironet devices. With LEAP, client devices dynamically generate a new WEP key instead of using a static key as part of the log-in process.

The fact that wireless frequencies can be easily jammed and communication tapped without physical access are major concerns, said Daniel Lange, an IT strategist at BMW Group in Munich, Germany. “WEP is seriously flawed [and] thus needs to be considered insecure. Communication can be compromised just by listening remotely,” Lange said.

BMW uses 802.11-based wireless LANs at two of its manufacturing facilities in Germany.

“There is no standard for securing 802.11 [wireless LANs] now, only incompatible vendor-specific implementations,” Lange said.

“WEP has come under a lot of criticism for its lack of security. But [even a WEP-enabled network] is still better than nothing” when it comes to securing wireless access, Brinley said.

- Jaikumar Vijayan and Dan Verton

Quick Link

To read Information Security's complete survey, visit www.computerworld.com/q?a1470

For UC Berkeley's report on WEP flaws, go to www.computerworld.com/q?a1490
Continued from page 7

manipulate the system to show that luggage belonged to a boarded passenger when in fact it did not. This concern is one reason Arinc plans to abandon the 802.11b-based bag-matching system it operates as a shared resource system for all carriers with international flights at San Francisco International Airport. Arinc said it will switch to a private wireless system operating in the 800-MHz band. That system will be based on Integrated Digital Enhanced Network (IDEN) voice and data terminals developed by Schaumburg, Ill.-based Motorola Inc.

IDEN provides more robust security than wireless LANs, Weiss said, including software keys for each terminal. Arinc plans to encrypt the network traffic as well.

Presidential Concerns

The security weakness of wireless LANs used throughout the nation’s critical industries, including airlines, hasn’t gone unnoticed at high levels of the Bush administration. A senior White House official said wireless security initiatives are at the top of the 2002
the president’s newly established Critical Infrastructure Protection Board. At least one white paper is in development that will examine wireless LANs and the interconnections between wireless devices and critical infrastructure systems, such as Federal Aviation Administration networks.

The U.S. Department of Transportation (DOT) and two of its key agencies — the FAA and the newly formed Transportation Security Agency (TSA) — plan to take a critical look at wireless LAN security over the next year. Mike Brown, director of information security at the FAA, said that in this new security-conscious era, airline wireless systems are subject to increased scrutiny.

The DOT has formed a “go team,” led by Associate CIO Lisa Schlosser, that will examine existing airline wireless systems, including LANs. In partnership with the FAA, the TSA and private industry, it will develop security standards and define a general wireless architecture, Brown said.

Though American Airlines downplayed the vulnerability of its wireless networks in San Jose and Denver, some security analysts viewed the potential threat as significant and symptomatic of the airline industry’s failure to properly address network security.

James Foster, a senior consultant and researcher at Guardent Inc., a security firm in Waltham, Mass., has conducted several wireless security audits during the past year that have uncovered significant vulnerabilities in and around major airport facilities, including John F. Kennedy International Airport in New York and Boston’s Logan International Airport.

“Possible baggage system vulnerabilities do not surprise me,” said Foster. “This is a serious problem that puts lives and the U.S. infrastructure at risk.”

Although he wouldn’t provide details about specific airlines, Foster’s wireless security audits have shown that a skilled hacker with the right software tools would need only seconds to conduct a detailed reconnaissance of an airline’s wireless network.

“Most of the time these [wireless systems] are tied to back-end systems,” Foster said. Regardless of how arcane or proprietary those networks may be, “it’s only a matter of time until somebody figures out how it works, how it communicates and how people authenticate,” he said. “It would take no more than an hour to figure out how the system worked.”

Configuration of an Automated Bag-Matching System

Senior government officials want to set high security standards for wireless LANs that support airport bag-matching systems. The concern is that an attacker could penetrate the network and potentially manipulate data.

SCANNER: Bag handler equipped with bar code scanner and wireless link scans passenger’s bag tag with an infrared beam.
Bag tag data transmitted on 802.11b wireless LAN link to the airport terminal.
AIRPORT TERMINAL: From the terminal, data is transmitted through a wired LAN into a server to produce passenger manifest.
Bag data matches record of passengers on board.


The Massachusetts Port Authority 
(Massport) has started to beef up 
security at Boston’s Logan Inter- 
national Airport - the departure 
point for two of the planes hi- 
jacked on Sept. 11 - with facial- 
recognition technology and an 
automated document authentica- 
tion system. 

According to Barbara Platt, a 
spokeswoman for Boston-based 
Massport, the authority last month 
signed a contract with Imaging 
Automation Inc. in Bedford, N.H., 
to test that company's Border- 
Guard document authentication 
technology. 

BorderGuard uses a scanner to 
verify that an identification docu- 
ment such as a passport hasn't 
been forged or altered. The system 
compares the scanned passenger 
ID against a database of interpol 
document security information de- 
veloped by Keesing Reference 
Systems BV in Amsterdam. 

It also captures the contents of 
the document and cross-checks 
the information against a database 
of suspected criminals and terror- 
ists. Platt said Massport intends to 
use BorderGuard to check IDs of 
passenger as well as airport work- 
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Beyond Wireless: Tapping Other Tech 


ers, but declined to say wisere 
within the airport complex the 
agency plans to use the system. 

Platt said Massport has also 
tapped two companies to provide 
facial-recognition technology to 
assist in passenger screening and 
to help positively identify Logan 
workers. She said Lau Technolo- 
gies in Littleton, Mass., and Vi- 
sionics Corp. in Jersey City, N.J., 
will provide Logan with the bio- 
metric systems for a pilot program. 
She declined to specify the num- 
ber of systems ordered or where 
they would be used. 

While several airports have in- 
stalled or have announced plans 
to install facial-recognition sys- 
tems, the problem is that there's 
no standard for how those sys- 
tems should be deployed. Oakland 
police Sgt. Mark Schinid, who is in 
charge of the installation of a fa- 
cial-scanning program at Oakland 
International Airport in California, 
said his and other agencies must 
agree on a standard format for 
storing the pictures before they 
can link to government agencies 
such as the FBI. 

~ Bob Brewin and 
Jennifer DiSabatino 


MASSPORT'S new security measures would aid the National 
Guard at Logan Airport with facial-recognition technology. 


QuickLink

Find links on our site to the following topics surrounding
the technology and issues involved in airline security:
www.computerworld.com/q?a1480

■ The Aviation and Transportation Security Act, text and PDF
■ American Association of Airport Executives & Airports Council
  International - North America, airport security page
■ Links to aviation security topics for the U.S. Department of
  Transportation
■ SITA aviation security solution
■ SITA: Implementing wireless networks at airports
■ IEEE standards for 802.11b
■ Cisco’s response to criticism of wireless LANs by the University of
  Maryland and the University of California, Berkeley, with links to
  those universities’ studies
■ Wireless Ethernet Compatibility Alliance
Judge Kills Microsoft
Class-Action Deal

A federal judge in Baltimore rejected a controversial proposal to settle
more than 100 class-action lawsuits related to Microsoft Corp.’s desktop
software pricing. Judge J. Frederick Motz acted after Microsoft and
attorneys representing two different groups of plaintiffs involved in the
suits failed to come to final terms on the proposed settlement, which
called for Microsoft to donate software, PCs and money to about
12,500 schools in the U.S.

CERT Gets Big Jump
In Security Reports

IT security incidents reported to the CERT Coordination Center at
Carnegie Mellon University in Pittsburgh more than doubled last year,
compared with the total received in 2000. CERT said almost 53,000
security-related incidents were reported in 2001, up from about
22,000 the year before. Reports of software security holes also more
than doubled to about 2,400.

IBM Sets Deferral
Deal on IT Services

IBM extended financing incentives to its IT services for the first time,
offering corporate users a 90-day payment deferral on contracts for
business integration and technology services work. The deferral can be
used with contracts financed by IBM and valued at $50,000 to
$1 million, the company said.

Short Takes

London-based INVENSYS PLC’s BAAN CO. software unit in Barneveld,
Netherlands, added a Web-based sales management application to its
customer relationship management product line. ... MOTIENT CORP., a
wireless data network operator in Reston, Va., filed for bankruptcy
protection as part of a debt restructuring deal.

Tyson IT Staff Faces
Meaty Integration Job

Acquisition results in complex project
requiring 80-hour weeks to link systems

BY JAMES COPE

WHEN chicken processor Tyson Foods Inc. bought meatpacking
conglomerate IBP Inc. in September, it also acquired one of the most
complex projects Tyson’s IT department has ever faced: integrating the
operations of the two companies.

The multimillion-dollar project reached an initial milestone this month
when the first of 14 operating companies in IBP’s Foodbrands America
Inc. packaged meats subsidiary was tied into Tyson’s systems.

Another unit will be integrated next month, and Gary Cooper, vice
president of information systems at Springdale, Ark.-based Tyson, said
his goal is to have all of Foodbrands’ operations changed over by
October.

But Cooper said the integration effort has been fraught with challenges,
requiring him and his lieutenants to put in 70- to 80-hour workweeks.


The project involves untangling “a web of applications and processes”
used at Foodbrands’ operations, he said. “I now own every AS/400
application known to mankind,” Cooper added jokingly.

TYSON’S Gary Cooper: Integration with IBP’s Foodbrands requires
untangling a “web of applications.”

The project was further 
complicated by the fact that 
Dakota Dunes, S.D.-based IBP’s 
annual revenue was more than 
double Tyson’s. 

The complexity forced Ty- 
son to drop its original plan for 
a single project in which the 
integration would be done si- 
multaneously with IT infra- 
structure upgrades at Food- 
brands. 





That initial plan was put in place in mid-2001, after Tyson executives
were certain that the acquisition would occur. Eventually, though,
Tyson decided that it needed to install the same networking technology
and desktop software it was using at the Foodbrands units before doing
the integration, said Kevin Young, director of technical services at
Tyson.

The infrastructure changes include linking scores of Foodbrands sites
to Tyson’s data center over AT&T Corp. and WorldCom Inc. frame-relay
circuits, updating PCs to Windows 2000 and converting from Lotus Notes
e-mail systems to Microsoft Corp.’s Exchange at some locations. That
should be largely completed by next month, according to Young.

» Tyson gathered information to create “fact books” of 75 to 100 pages on
  each Foodbrands unit for use in developing integration plans and timelines.
» Tyson is upgrading the IT infrastructures at the operations to standardize
  their networks and desktop applications with what it uses.
» Back-office processing at Foodbrands is being shifted to Tyson's corporate
  IT systems, which are based on SAP R/3 and a set of proprietary applications.

But Cooper said it’s taking more time and effort to shift the
Foodbrands units from a dizzying array of homegrown and packaged human
resources, accounting and product shipment applications to Tyson’s
systems, which are based on a combination of SAP AG’s back-office
software and proprietary production, delivery and billing applications.

In fact, Cooper described the integration work as the most difficult
task he has encountered in his 17 years at Tyson. To help smooth the
process, he said, his IT department has put application and data
integration on a separate track from the infrastructure upgrades.

Cooper’s plan calls for a rolling migration of the Foodbrands
companies, with one or two units being done at a time.

Tyson’s integration methodology starts with interviews of IT and
business employees at each unit to create a detailed “fact base” of the
existing applications and business processes, he said (see story at
right).

During assessment and integration, the Tyson project teams try to
involve IT workers at Foodbrands whenever possible, Cooper said.
Foodbrands has about 15 IT staffers at its headquarters in Oklahoma
City and from one to nine workers at each of the business units, he
said.


Cooper declined to com- 
ment on whether there will be 
any consolidation of IT per- 
sonnel after the integration 
project is completed. He also 
wouldn’t disclose specifics on 
the project’s expected cost. 

What could be an even more daunting job may lie ahead: integrating
IBP’s fresh meat unit, which operates on a completely different
business model than Tyson’s. But Cooper deflected questions about that
undertaking, saying he’s focusing on Foodbrands for now.

Assess First,
Integrate Later

The assessment teams responsible for probing deeply into the business
operations at the affected IBP units are playing a key role in the
ongoing IT integration project at Tyson Foods.

Workers on the assessment teams ask thousands of questions before any
integration work gets scheduled, said Gary Cooper, vice president of
information systems at Tyson. The goal is to document existing
business processes so they can be handled by Tyson's systems, he
explained.

For example, team members ask the units within IBP’s Foodbrands
America subsidiary for master lists of products and suppliers. Also on
Tyson's must-see list is information on things such as leases,
contracts, customer credit processes, sales procedures and human
resources policies, according to Cooper.

The result of all the questioning is a fact book consisting of 75 to
100 pages for each IBP unit, he said. Tyson's project managers use
them to create integration plans and set implementation schedules.

Cooper said the assessments began in the fall and are being done on a
unit-by-unit basis, similar to the way the integration work is taking
place.

- James Cope


A sentence that preceded a
chart in Paul A. Strassmann’s 
column “The ‘Right’ Spending” 
[Business Opinion, Jan. 7] on 
Ford and General Motors in- 
correctly described data on 
spending in the chart. The 
chart detailed what the compa- 
nies spent in comparison to 
their revenues, not just what 
they spent on IT. 
Ballmer: Future Is Web Services

Microsoft chief touts .Net, Yukon

Microsoft Corp. CEO Steve Ballmer this week offered a preview of the
coming year for his company, with corporate IT managers in mind, via
an e-mail interview with Computerworld’s Carol Sliwa. Excerpts follow:


Can you give us a synopsis of the 
movie trailer for coming attrac- 
tions from Microsoft? From my 
perspective, the theme over 
the next year is Web services, 
XML and .Net.... In terms of 
Microsoft specifically, we'll be 
following up the launch last 
year of Windows XP, Office 
XP and Xbox with a number 
of key offerings, including 
Windows .Net Server, Visual 
Studio.Net and the Tablet PC, 
as well as updates to a number 
of our .Net servers. 


Microsoft has used the term .Net in many ways. How do you now
define .Net? I really think the best way to define .Net is as
Microsoft’s platform for XML Web services. It’s the next generation of
software that connects your world of information, devices and people
in a unified, personalized way. What I mean by this is that the .Net
platform enables the creation and use of XML-based applications,
processes and Web sites as services. These services can then share and
combine information and functionality with each other.

MICROSOFT'S STEVE BALLMER: “The theme over the next year is Web
services, XML and .Net.”


A year ago, you said Yukon would 
be key to your “next-generation 
storage, database, file system, 
e-mail and user interface work.” 
How much progress has Microsoft 
made? The development of 
Yukon, the next major release 
of Microsoft SQL Server, is on 
track, and we expect the first 
beta to ship this year. 


Microsoft software continues to be plagued by well-publicized
security problems. How will you convince corporations that your
platform is ready for major new initiatives such as .Net? This is
obviously a challenge not only for Microsoft but for our entire
industry. The fact is, all software contains vulnerabilities. What I
can tell you is that we are 100% focused on building products and
technologies that are safe and secure.

In the short term, we are committed to responding quickly and openly
when vulnerabilities are discovered and work with customers to rapidly
provide solutions to ensure system security.

In the long term, we're building secure software from the ground up
through programs such as the Secure Windows Initiative, which is
focused on providing Microsoft engineers with ongoing education,
better tools, security-focused development processes and rigorous
internal and external testing required to deliver the high-quality,
secure software and services that customers demand.

The changes Microsoft made to its volume licensing and upgrade
programs had corporate users up in arms last year. What do you say to
those corporate customers? One of the big issues for many customers
was that this is [a] big change in how we handle upgrades and we
didn’t give them enough time to plan for the change. But we listened
and extended the transition to the new program into the middle of next
year, so folks have 14 months from the original announcement to review
Software Assurance and plan accordingly.

How do you foresee the competitive landscape changing for Microsoft
this year? How will you counter the challenge that Linux and Java
present going forward? In the current economic climate especially,
customers are demanding bottom-line value for their IT investments. We
intend to deliver by offering not only value but also a clear
technology road map for the future. I really believe that the
companies that fail to deliver on these business basics will be
paddling upstream. As for Linux, the overall [total cost of ownership]
issues with Linux, coupled with its limitations, have caused many
enterprise organizations to look elsewhere in their planning for the
coming year....

For Java, a big question remains around strategic innovation for Web
services. With the .Net framework, Microsoft has developed a clear,
well-articulated path designed from the ground up specifically for
Web service development and deployment.


Microsoft Investigates
Alleged Flaw in Browser

Experts say standard
security rule ignored

BY JAIKUMAR VIJAYAN

Microsoft Corp. is investigating an alleged flaw in recent versions of
its Internet Explorer (IE) browser software that could allow attackers
to spoof legitimate Web sites, steal content from browser cookies and
gain access to certain types of files on a victim’s system.

The alleged flaw, which affects IE Versions 5.5 to 6, was first
reported to the company on Dec. 19 by an independent security
researcher who refers to himself as ThePull.

The vulnerability is the result of Microsoft’s failure to abide by an
industry-standard browser security rule known as the same-origin
policy, said David Ahmad, moderator of Bugtraq, a mailing list on
which ThePull first posted details of the alleged flaw.

The same-origin policy was established to prevent malicious Web sites
from interacting with and stealing sensitive information left in
cookies set by other sites on a user’s computer. In other words, when
one Web site is used to open another Web site in a separate pop-up
window, script code from the first site shouldn’t be able to affect
the information or properties of the other site.

In an e-mail sent to Computerworld Jan. 8, a spokesman for Microsoft’s
Security Response Center said the company is investigating the issue
“just as we do with every report we receive of security
vulnerabilities affecting Microsoft products.”

“At this point in the investigation, we feel that speculating on the
issue while the investigation is in progress would be irresponsible
and counterproductive to our goal of protecting our customers’
information,” the spokesman wrote.

Even so, said Ahmad, Microsoft’s failure to abide by the industry
standard in recent IE versions has resulted in severe security
vulnerabilities.

“If you use the document.write method in the correct manner as stated
by Microsoft’s own documentation, you are able to spoof sites, read
cookies from other sites and read local files on a user’s system,”
ThePull wrote in an e-mail to Computerworld. “This means that someone
could send you an e-mail from security@microsoft.com to download an
important update with a link — upon clicking that link, you could be
brought to a Web page with a Trojan [horse] on it.”

Because of the flaw, attackers could potentially construct Web sites
that steal cookies, perform actions on different sites through script
code and transmit the content of text files to attacker-controlled Web
servers, warned an advisory by San Mateo, Calif.-based
SecurityFocus.com.

Perhaps the most serious consequence is that trusted Web sites can be
replaced with “attacker-created HTML,” the advisory said. The best way
for users to handle the problem is to turn off JavaScript, said
ThePull.

Meanwhile, security firms last week reported the first virus directed
at Microsoft’s .Net platform. Called W232.Donut, the virus isn’t
likely to be a major threat because of the small installed base of
.Net users, according to an advisory by Sunnyvale, Calif.-based
McAfee.com Corp.
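
The same-origin rule described in the browser story above can be modeled as a single check that every cross-window operation must pass. The JavaScript below is an added example, not code from the article, Microsoft or the researcher; the window objects, helper names and `.example` URLs are constructed for illustration.

```javascript
// Added illustration: a toy reference monitor for the same-origin policy.
// Every URL, cookie value and helper name here is constructed for the example.

// An origin is the (scheme, host, port) triple of a URL. URLs without one
// (data:, file:, about:, or unparsable strings) yield null.
function originOf(urlString) {
  let parsed;
  try {
    parsed = new URL(urlString);
  } catch (err) {
    return null;
  }
  // The URL API serializes an opaque origin as the literal string "null".
  return parsed.origin === 'null' ? null : parsed.origin;
}

// Two URLs share an origin only if both have one and the triples match.
// Default ports are normalized: http://a.example equals http://a.example:80.
function sameOrigin(urlA, urlB) {
  const a = originOf(urlA);
  const b = originOf(urlB);
  return a !== null && a === b;
}

// Toy stand-in for a browser window: a location plus that site's state.
function makeWindow(url, cookie, html) {
  return { url, document: { cookie, html } };
}

// Single choke point: every cross-window operation passes through here,
// so no individual method (read or write) can skip the check.
function guard(caller, target, operation) {
  if (!sameOrigin(caller.url, target.url)) {
    throw new Error(`SecurityError: ${operation} on ${target.url} denied for ${caller.url}`);
  }
}

function readCookie(caller, target) {
  guard(caller, target, 'cookie read');
  return target.document.cookie;
}

function writeDocument(caller, target, html) {
  guard(caller, target, 'document write');
  target.document.html = html;
}

// Runs one operation and reports the outcome instead of throwing.
function attempt(fn) {
  try {
    return { allowed: true, value: fn() };
  } catch (err) {
    return { allowed: false, reason: err.message };
  }
}

// Constructed scenario: a news page opens a pop-up onto a different site,
// and also has a second window on its own site (explicit default port).
const opener = makeWindow('http://news.example/story', 'prefs=large-text', '<p>story</p>');
const popup = makeWindow('http://bank.example/login', 'session=constructed-value', '<form>login</form>');
const sibling = makeWindow('http://news.example:80/sports', 'prefs=large-text', '<p>sports</p>');

console.log(attempt(() => readCookie(opener, popup)));
console.log(attempt(() => writeDocument(opener, popup, '<p>replaced</p>')));
console.log(attempt(() => readCookie(opener, sibling)));
```

Routing reads and writes through one `guard` function is the design point: a policy enforced per method is only as strong as the one method that forgets to call it.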
Auto Parts Maker
Names First CIO


Southfield, Mich.-based Federal-Mogul Corp. named Michael Gaynor
to serve as its first CIO, effective Feb. 11. His top priority will be
to oversee the integration of Federal-Mogul’s IT architecture with the
systems at 13 companies that the $6 billion auto parts maker has
bought since 1998. Gaynor worked most recently as CIO at Avery
Dennison Corp. in Pasadena, Calif.


Gulfstream IT
Outsourced to CSC


Gulfstream Aerospace Corp., a Sa- 
vannah, Ga.-based aircraft maker, 
announced a 10-year IT outsourcing 
deal under which Computer Sci- 
ences Corp. (CSC) will manage its 
computer operations and applica- 
tions development. About 220 IT 
workers were transferred from Gulf- 
stream to El Segundo, Calif.-based 
CSC when the $510 million deal 
took effect late last month. 


Microsoft Loses Legal 
Bid, Tries Another 


Microsoft Corp. asked the federal 
judge overseeing the antitrust case 
against the company to vacate a 
previous order requiring that deposi- 
tions be open to the public. The re- 
quest came two days after Judge 
Colleen Kollar-Kotelly rejected a 
motion by Microsoft to delay the 
scheduled March 4 start of hearings 
on possible behavioral remedies that 
could restrict its business practices. 


Short Takes 


German airline LUFTHANSA AG 
signed a $40 million deal with Bel- 
gium-based SOCIETE INTERNA- 
TIONALE DE TELECOMMUNICA- 
TIONS AERONAUTIQUES SC for de- 
velopment of an IP-based intranet. 
... EASTMAN KODAK CO. in Ro-
chester, N.Y., is spinning off a new 
company to develop wireless video 
and data transmission technology. 


Office Building Managers Eye
IT-Based Access Control Tools

Biometric systems and other technologies
could provide post-Sept. 11 ‘self-insurance’

BY DAN VERTON

FACILITY MANAGERS at one of the tallest office buildings in the U.S.
are studying the feasibility of deploying dozens of networked kiosks
to handle biometric authentication operations for the thousands of
workers and visitors who walk through the doors every day.

The study at the building, which can’t be identified for security
reasons, is part of a growing trend by many companies to provide what
some insurance experts describe as an IT-security-based self-insurance
model. Not only have property insurance rates for companies
skyrocketed by more than 50% in some cases since the Sept. 11
terrorist attacks, but many insurance providers are also excluding
terrorist incidents from their future policies and jacking up
deductibles for large corporate facilities, many of which are
underinsured.

As a result, some companies are eyeing IT-based security approaches as
low-cost forms of “self-insurance,” said Bill Pieroni, general manager
of global insurance at IBM. Their options include biometric systems
for tracking visitors and authorized employees, smart cards, and
networked sensors that can detect bombs, chemicals or nuclear devices.


The Only Terrorism Insurance

“You could make the argument that things like biometric devices are a
very cheap form of premium,” Pieroni said. “It’s probably the only
form of insurance [against a terrorist attack] available to
companies.”

However, IT security and monitoring systems would probably not have a
significant impact on the overall property insurance rates that
building owners have to pay, said Pieroni. “The primary impact would
be to help draw tenants by making them feel secure,” he said. “In
terms of [rates for] durable structures, it’s not going to help.”

Prior to the Sept. 11 attacks,
property insurance rates, in- 
cluding business interruption 
coverage, were already on the 
upswing, according to experts. 
In Tennessee and Kentucky, 
for example, increases of 20% 
weren't uncommon in 2000 
and 2001, and companies with 
“severe” exposure risk saw in- 
creases of more than 50%, ac- 
cording to a recent study by 
Itasca, Ill.-based Arthur J. Gal- 
lagher & Co., the fourth-largest 
insurance broker in the world. 

“Sept. 11 simply hardened the resolve of the underwriters to increase
the rates,” said Patrick McDonough, a lawyer and corporate risk expert
at Howrey Simon Arnold & White LLP’s Insurance Recovery Group in
Washington. “Companies need to find ways of identifying stealth
attacks at the entry points” of their facilities, such as lobbies and
parking garages, he said.

AT A GLANCE

Insurance Outlook

■ Pricing will likely rise significantly, by as much as 15% to 30% or
  higher.
■ Reinsurers will exclude terrorism losses from their 2002 policy
  renewals.
■ Carriers will demand loss control commitments from clients.
■ Deductibles will increase, possibly to $5,000 to $10,000.
■ Applications will require far greater detail as to the ownership,
  operations and exposures of a risk.

SOURCE: THE INSURANCE INDUSTRY AFTER

John Ellingson, CEO of Akron, Pa.-based Edentification Inc., said the
private sector urgently needs a Web-enabled biometric clearinghouse
to enable facility managers of large office buildings to identify
authorized tenants, grant one-time, controlled access rights to
walk-in visitors and weed out individuals who attempt to gain entry
using fraudulent identities.

“We used to build a wall 
around an asset. Now you have 
to build a wall around an indi- 
vidual,” said Ellingson. 

However, more than a single 
IT system, even a biometric 
one, will be needed to affect 
soaring rates, according to 
Manfred Ohrenstein, a Man- 
hattan-based insurance lawyer 
whose firm, Ohrenstein & 
Brown LLP, was a tenant at the 
World Trade Center. 

“If a building has adequate 
biochemical testing processes 
and could detect a biological 
agent being introduced in the 
building,” he said, “that lessens 
the risk of that kind of attack, 
and that lessened risk would 
be reflected in the premium.”


Identity Management Key to Physical Security, Vendor Says 


John Ellingson, CEO of Edentifica- 
tion, has offered his company's bio- 
metric engineering design free of 
charge to any business consortium 
that is willing to tackle what he calls 
an urgent need to beef up security 
at large U.S. office complexes. 

According to Ellingson, com- 
mercial building security managers 
need a centralized source for bio- 
metric data verification to help 
identify unauthorized individuals on 
their premises and control entry to 
all or parts of a building. 

Last year, 28,000 branch bank 
offices used Edentification’s soft- 
ware to screen 18 million new bank 
account applicants for identity 
fraud. The screenings revealed that 
750,000 of the identities used to 
open those accounts had been in- 
tentionally manipulated for the pur- 
poses of deception, Ellingson said. 

“Those same identities were used to obtain driver's licenses, credit
cards and airline tickets,” he said.

Banks and other financial institutions have licensed Edentification’s
technology to screen more than 50 million identities since 1996. The
company's software sorts through large consumer databases and uses a
proprietary fuzzy logic key to analyze and score identity information
individuals entered against the database. Multiple databases can be
used to track identities for potential fraud, including consumer
databases and the FBI's Most Wanted list, said Ellingson.

However, the strength of the technology is in its ability to enroll
and screen strangers as they enter a building, he said. Biometric
readers would enable security personnel to give individuals access to
a building for specified lengths of time. They would send alerts when
a person exceeded his authorized stay and even weed out individuals
using fraudulent identities before they entered a building.

Mike Hager, vice president of 
network security and disaster re- 
covery at OppenheimerFunds Dis- 
tributor Inc. in New York, likened 
the Edentification technology to the 
concept of a revocation checklist in 
the X.509 messaging world. “It 
sounds really interesting, if they 
can get sufficient participation to 
make the searches valid,” he said. 

However, John Pescatore, an 
analyst at Gartner Inc. in Stamford, 
Conn., downplayed the viability of 
using biometrics to monitor public 
entry of large corporate facilities. 

“Biometrics is overkill, way too 
expensive and way too intrusive for 
applications like random public en- 
try,” he said. “It makes no sense.” 

- Dan Verton 





Distributor: New Apps
Helped Seal $3B Deal

Aviall IT rebounds from mainframe migration problems

BY MARC L. SONGINI

AVIALL INC. is pointing to a $3 billion spare-parts distribution
contract it won last month as proof that its new IT infrastructure is
starting to pay off after a previous mainframe migration project
nearly caused disaster three years ago.

The 10-year contract, under which Dallas-based Aviall will sell and
distribute spare parts for a widely used aircraft engine from
Rolls-Royce PLC, took effect on Jan. 2. Aviall CIO Joe Lacik last week
said the deal — the largest of its kind in the firm’s history — would
have been impossible without the systems that his staff largely
finished putting in place during the fall.

Aviall and London-based Rolls-Royce already had a separate, much
smaller distribution deal in place. But one of the keys to the new
contract, Lacik said, was Aviall’s improved ability to offer
technology-driven services such as sales analysis and demand
forecasting down to the line-item level to manufacturers.

Lacik said Aviall spent $30 million to $40 million to install new
enterprise resource planning (ERP), supply chain, customer
relationship management and e-business applications from five software
vendors, including St. Paul, Minn.-based Lawson Software Inc. and San
Mateo, Calif.-based Siebel Systems Inc.

The distributor of aviation and marine products also deployed
application integration software from Sybase Inc., in Emeryville,
Calif., to tie the systems together (see box). Most of the pieces are
in place, except for Siebel’s order entry software and some of the
integration links, Lacik said. Those are scheduled to be rolled out
later this year, he added.

The IT makeover, which began two years ago, was a gamble for Aviall
following a near-disastrous migration from its mainframe systems to a
highly customized set of Lawson ERP applications, completed in early
1999.

Application Diversity

Aviall’s new IT architecture uses middleware technology to tie
together a broad set of applications from various vendors.

SIEBEL SYSTEMS
■ Sales force automation
■ Order entry (due to go live next month)

SYBASE
Real-time integration
Under development fo

CATALYST INTERNATIONAL INC.
■ Inventory control
■ Warehouse management

LAWSON SOFTWARE
■ Finance
■ HR/payroll

BROADVISION INC.
■ E-commerce
■ Web-based customer support and supplier services

XELUS INC.
■ Product allocation
■ Inventory management
■ Purchasing/forecasting management

* Under development

Training, software and im- 
plementation issues related to 
that project were blamed for 
a big drop in sales. Extensive 
manual work-arounds were re- 
quired, and the company’s CEO 
eventually left. Lacik came in to 
run IT at the start of 2000. 





The applications from Law- 
son were perfectly sound but 
hadn’t been designed to handle 
the huge amount of tracking 
numbers that Aviall needed to 
maintain on the parts it sells, 
Lacik said. The company un- 
plugged much of the Lawson 
system and continued to use 
pieces of its mainframe appli- 
cations while developing the 
new multivendor architecture. 

According to Lacik, the distribution and supply chain services made
possible by the new applications have helped Aviall minimize lost
sales despite the down economy and the Sept. 11 terrorist attacks. He
said the systems have also cut costs to the point where the
architecture has probably already paid for itself, although Aviall has
yet to calculate its return on investment.

“No question that there has 
been a complete turnaround 
from the company that was 
potentially for sale a few years 
ago and losing market share,” 
said Peter Arment, an analyst 
at JSA Research Inc., a New- 
port, R.I.-based aerospace re- 
search firm. 

Arment said it’s difficult to 
say exactly how much credit 
IT deserves. But the system 
changes have made the com- 
pany more efficient and con- 
tributed to an improvement in 
its profit margins, he added.

IT shops at Aviall and Rolls-Royce will need tight ties. Read more
on our Web site:
www.computerworld.com/q?26335





Analysts Say Retailers Will
ending in ‘02

Sales slump spawns
interest in efficiency

BY CAROL SLIWA

Retailers doing the best job at weathering the economic storm — which
resulted in the weakest holiday sales growth in six years — are
expected to make the most substantial investments in
efficiency-oriented IT systems during the coming year, industry
analysts said last week.

Cap Gemini Ernst & Young’s retail and consumer division is seeing “an
explosion in retail-related IT spending” in North America, said Fred
Crawford, an executive vice president at the Paris-based consulting
firm. Cap Gemini arranged a teleconference call last week to discuss
retail trends.

Most spending is on warehouse and inventory management and financial
controls, Crawford said. Surprisingly, the retail industry isn’t
investing in customer relationship management (CRM) to the same degree
as “every other industry segment, including consumer packaged goods,”
he said, noting that his firm did much more retail CRM work two years
ago.

Any investments that retailers make will come despite declining sales
growth figures in the industry, as predicted during last week’s
teleconference by prominent retail analysts.

Sales in chain stores grew just 2.2% during November and December,
making the 2001 holiday season the weakest since 1995, said Michael
Niemira, an economist at Bank of Tokyo-Mitsubishi Ltd. in New York.

Online Spike

Meanwhile, the online sector saw a spike of about 20%, with
$13 billion to $14 billion in holiday sales, said Ken Cassar, a senior
analyst at New York-based Jupiter Media Metrix Inc. But “the 20% or so
that we’re looking at this year is less sunny,” considering that
growth had been 124% in 1999 and 56% in 2000, he said. Jupiter won’t
finalize its 2001 holiday numbers for another three to four weeks,
Cassar said.

Spending already had been 
slumping during the 2000 holi- 





day season, when overall retail 
sales growth for the months of 
November and December was 
2.4%, Niemira said. He added 
that retailers were feeling re- 
cessionary forces well before 
the government made the offi- 
cial declaration in March. 

But Niemira expects the pic- 
ture to gradually brighten. He 
predicted that sales growth for 
the year as a whole will reach 
3% to 3.5%, compared with 
2.6% in 2001. “It’s not going 
to feel good to every retailer, 
but it’ll feel better than 2001,” 
Niemira predicted. 

Those retailers that elect to 
invest in their e-commerce 
sites will be “buttoning down 
core functionality,” focusing 
on merchandising and improv- 
ing their search engines and 


| general navigation features, 


according to Cassar. 

“There may be some oppor- 
tunity in merchandising appli- 
cations, particularly on the an- 
alytics side, helping us under- 
stand the types of things that 
people buy, finding cross-sell- 
ing and potentially upselling 
potential,” Cassar said. 

He predicted that sites will 
also look to speed page down- 
loads, which can take Il to 15 
seconds on an average dial-up 
modem. “That’s not going to be 
acceptable going forward, and 
I wouldn’t expect the mass 
market’s going to have broad- 
band soon,” Cassar said. D 
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THEY CAME LOOKING FOR THE SOFTWARE CHOSEN BY LEADING E-BUSINESSES. THEY FOUND: 


WEBSPHERE ar eBay 


IBM WebSphere is the fastest-growing e-business software platform: eBay, one of the most 
successful “born on the Web” companies, has turned to WebSphere infrastructure software as it gets even 
more serious about e-business. WebSphere has the scalability to build, launch and maintain a massive 
around-the-clock site like eBay. Over thirty million registered eBay users will rely on the dependability of 
WebSphere when they buy collectibles, electronics and B-to-B services. Visit ibm.com/websphere/ebay 


; IT’S A DIFFERENT KIND or WORLD. 
© business software YOU NEED A DIFFERENT KIND or SOFTWARE. 








Compaq to Report Q4 Profit, not Loss

Compaq Computer Corp. reversed an earlier prediction that it would report a loss for the fourth quarter of 2001, saying it will show a profit because of higher-than-expected sales. Fourth-quarter revenue should top the $8 billion mark, up from Compaq’s earlier projection of about $7.8 billion. The anticipated profit follows losses in the second and third quarters of last year.

Vendors See Mixed Results for Quarter

Software vendors SAP AG and Houston-based BMC Software Inc. both also announced that their results for the just-finished quarter should be better than expected. But San Diego-based Gateway Inc. said its PC shipments were below expectations. And Basking Ridge, N.J.-based networking vendor Avaya Inc. warned that it will report a loss on lower-than-expected revenue.

IBM Outsources NetVista Production

IBM signed a deal to outsource manufacturing of its NetVista desktop PCs to Sanmina-SCI Corp. in San Jose, which is buying production operations in the U.S. and Europe from IBM as part of the agreement. IBM said the outsourcing move won’t affect its NetVista pricing. The company will continue to design the NetVista line and manufacture its ThinkPad notebook PCs.

Short Takes

Boston-based OPEN RATINGS INC. bought the technology assets of GENTIA SOFTWARE PLC, a British developer of applications for measuring corporate performance. . . . Mountain View, Calif.-based VERISIGN INC. announced plans to buy two companies, including wireless billing services provider H.O. SYSTEMS INC. in Savannah, Ga.

New Lucent CEO to Keep Strategy Intact

Former executive at telecommunications equipment vendor returns at the top

BY JAMES COPE

AFTER A 15-MONTH search for a new CEO, Lucent Technologies Inc. last week brought back a former high-level executive who isn’t expected to make major strategic changes at the struggling company.

Lucent gave the CEO job to Patricia Russo, who left the Murray Hill, N.J.-based vendor of telecommunications equipment 18 months ago and most recently was president and chief operating officer at Eastman Kodak Co. in Rochester, N.Y. Russo, 49, takes over at Lucent from Henry Schacht, who had been running the company on an interim basis since late 2000.

But Schacht will continue as chairman for up to a year, and Russo indicated that she plans to stick with the strategy he devised. In a statement, Russo said Schacht and his management team “have put in place and are implementing a solid, credible plan for turning this business around.”

A 19-Year Veteran

Russo is no stranger to Lucent, having worked at the company and its forerunner operations within AT&T Corp. for 19 years before leaving in August 2000. Her last job before she departed was heading up the Lucent unit that makes equipment for telecommunications and data network services providers — the business that became the company’s core operation as part of the overhaul started by Schacht.

“In some respects, she may see this as vindication for being prematurely forced to leave Lucent in the first place,” said Jim Slaby, an analyst at Giga Information Group Inc. in Cambridge, Mass.

The Lucent that Russo is returning to is far different from the one she left, following a series of cutbacks and restructuring moves that were prompted by big losses and a sharp drop-off in sales.

Lucent is now focused almost solely on selling to service providers, Slaby said. The frecorna line of enterprise oatice and hubs was spun off into Basking Ridge, N.J.-based Avaya Inc. two years ago, and various other units have also been divested since then.

Janet Davidson, president of integrated network solutions at Lucent, said the company still offers network services and systems to corporate users through service providers and other partners. For example, she said, Lucent worked with WorldCom Inc. to provide a virtual private network linking more than 1,000 locations to Toyota Motor Sales U.S.A. Inc. in Torrance, Calif.

Lucent also continues to sell directly to IT departments in vertical markets such as finance and health care. But corporate users “will have a hard time getting much attention from Lucent,” Slaby said.

RUSSO: Lucent has a “solid, credible plan” in place.

Analysts: USi Filing May Harm ASP Image

Chapter 11 sought as part of restructuring

BY JAIKUMAR VIJAYAN

Last week’s bankruptcy filing by USinternetworking Inc. (USi), the largest application service provider (ASP) in the U.S., is sure to further erode the confidence that corporate users have about relying on hosting firms, analysts said.

But, they added, it would be wrong to view USi’s woes — and those of some other major ASPs — as a sign that there’s something inherently wrong with the application outsourcing model on a long-term basis.

Annapolis, Md.-based USi filed for Chapter 11 bankruptcy protection as part of a planned restructuring that’s aimed at reducing the company’s $120 million debt and providing it with new funding. Under the creditor-approved plan, an affiliate of Boston-based Bain Capital Partners LLC will invest up to $106 million in USi, allowing the ASP to eliminate most of its debt.

USi, which cut its workforce by more than 50% last year, signed an initial agreement with Bain in October and said the deal has now been finalized. “It’s unfortunate that the only way we could get this accomplished was through a Chapter 11 filing,” said USi CEO Andrew Stern. “But ... this is by no means a going-out-of-business announcement. This is very much a staying-in-business announcement.”

Even so, USi’s plight is sure to cause tremors in an industry that has seen a string of business failures during the past 12 months, said Amy Mizoras, an analyst at Framingham, Mass.-based IDC. “I think the overall reaction to this is going to be negative,” said Mizoras.

But Mizoras added that she expects the appeal of ASP services to continue to catch on with users. Most of the troubles plaguing USi and other ASP pioneers have to do with issues such as overinvestment in technology infrastructures and application service portfolios, she said. For example, USi spent hundreds of millions of dollars building data centers for customers that have yet to materialize.

The licensing, technology and service issues involved in retrofitting packaged applications for delivery via the Internet also presented big challenges for many ASPs, said Laurie McCabe, an analyst at Boston-based Summit Strategies Inc.

“A lot of them got carried away by their own and everybody else’s hype,” McCabe said. Going forward, she predicted, most ASPs will likely be a lot leaner and focus on one or two vertical markets or application niches instead of trying to support a wide range of applications.

McCabe added that she also expects more ASPs to concentrate on offering internally developed applications rather than relying on packaged software made by other vendors.

Financial Fix

USi’s plan for restructuring its finances includes the following elements:

» The company finalized a deal to get up to $106 million in new financing from an affiliate of Bain Capital Partners.

» Bain will invest $81 million in USi at first. It will follow up with the remaining $25 million if specific business milestones are met.

» To speed up the process, USi filed for bankruptcy protection. It expects to emerge from Chapter 11 in the spring.








MARYFRAN JOHNSON


Windows Homeland

SO HERE WE ARE on Jan. 14, 2010. Hard to believe it has been only eight years since Bill Gates changed everything with that historic announcement at the Consumer Electronics Show in Las Vegas, when he proclaimed Windows XP the “digital hub” for the home.

How time flies when you’re constantly rebooting your house!

Not that I’m complaining. I have to stay on the cutting edge of technology, so I signed right up, along with the original 434,565 beta users of Mira.

You remember Mira, that original set of wireless technologies that let you unplug flat-panel displays and schlep them around? Just like Bill promised us all those years ago: “As you move from device to device, your information is there for you.”

Once we solved that problem with our dachshunds burying the damn things in the back yard, we were actually able to find our information. That was cool.

We eventually had to scale those dogs up to Dobermans anyway, after a few robbery incidents following some Unrecoverable Door Unlocking Errors in Windows HomeSecure.

My family was also an early adopter of Freestyle, which as you may recall turned the Windows XP interface into a control panel that could be operated by remote control. Looking back now, I can see why those roving vans of wireless crackers dubbed it FreeForAll.

But when the Gates administration started that new federal agency (The Bureau of Stolen Identities, Compromised Information and General Aggravation), at least we had someone to call.

Not that you can actually talk to human beings anymore. But seriously, who needs them now that we have nationwide installation of Microsoft’s voice-recognition software, Windows SayAgain? Though I do find Steve Ballmer’s voice just a tad screechy.

What changed our lives the most, I must say, was the introduction of Windows technologies into all of our appliances. I’ve had very reasonable service from the Microsoft Certified Plumbing Engineers when WindowsJohn gets clogged.

Of course, when Bill said he’d “deliver the intelligent experience,” he probably wasn’t thinking of my teenage daughter’s smart-aleck friends hacking into our Windows GroceryList and ordering that truckload of Doritos and Mountain Dew.

And my husband is still a little freaked about the lawn mower ordering that herd of goats to help with lawn maintenance. Don’t even get him started on how the car insists on only premium MicrosoftGas instead of regular.

I still say it was merely an unfortunate choice of words on Bill’s part when he told a Reuters reporter how “the explosive way that these devices work together will overwhelmingly be wireless.”

There’s no way he could have known about that freakish data exchange glitch between the MicrosoftToaster setup utility and the Stinger SmartPhone 2002. Didn’t they get a patch out within 90 days? I mean, give the guy a break.

Overall, I can’t say enough good things about Windows as the hub of my digital home. Life is so filled with unexpected challenges these days. I can hardly wait to sign up for that next big release. I hear it’s code-named Lucifer.


PIMM FOX

IT’s Triumph In Euroland

ROME, ITALY

THE FRENCH SAY “your-roe,” the Germans “oi-roh” and the Italians, well, they stretch it out to “eh-or-roh.” Despite the linguistic differences among the 12 member countries of the European Union that have opted to ditch their national currencies in favor of the euro, it’s surprising how little fuss and bother accompanied the EU’s brand-new, state-of-the-art money.

Shops and ATMs are plentifully stocked with the rather bland-looking coins and notes, while most consumers seem happy to patiently work through this experiment in economic togetherness.

Underlying the dramatic shift across the European continent is a great appreciation for IT and the role it has played in making the gradual transition smooth and free of anxiety. Banks, post offices (stamps are quoted in both national currencies and euros for the time being) and most retail establishments have converted their inventory, accounting and payment systems to euros, making this final move into consumers’ pocketbooks an inconvenience rather than something to obsess about. A few notable glitches occurred, of course, but most people here seem to be making the shift to new money rather effortlessly.

The euro’s success on the street proves how much faith people have in the IT infrastructure that keeps their everyday lives humming. Mario Di Desidero, a lawyer from Lanciano, a small town in eastern Italy, explains that people are conditioned to seeing euro conversions on bank and credit card statements, so the appearance of euro currency seems natural.

IT operations have run so well during the conversion — which lasts until the end of February, when only the euro will be accepted — that people have displayed a complacency that would surprise most IT managers with memories of pre-Y2k panic. In Rome, shopkeeper Umberto Dell’Omo at the Piazza Alessandria cheerfully quotes prices of oranges and lettuce in lira and euros. In Paris, it’s chic to pay in euros and retro to handle francs.

On second thought, maybe it was the public’s memory of IT’s nearly effortless handling of Y2k that has made it so calm.

The Europeans have done us a favor, reawakening our faith and hope in IT’s capabilities. At the very least, it offers a good reason to install new keyboards with the euro symbol. But if you’re concerned about high-tech crackers using their prowess to exploit the transition, consider this: In Sardinia, thieves used a backhoe to haul away an entire ATM stuffed with €10,000. How old-fashioned.

PIMM FOX is Computerworld’s West Coast bureau chief. Contact him at pimm_fox@computerworld.com.

For more Computerworld columnists and links to archives of previous columns, head to www.computerworld.com/q?qi000


DAVID MOSCHELLA

Web Services Won’t Match The Hype

EVER SINCE the dot-com bubble burst, it’s been tough in the buzzword business. Remember bricks and mortar, disintermediation, bits vs. atoms, first-mover advantage, increasing returns, critical mass and, of course, New Economy? You don’t hear too many of those terms these days.

But the buzzword factory hasn’t shut down. During the past six months, it’s been running at about half capacity trying to promote Web services as the IT industry’s Next Big Thing. With a steady flow of seminars, white papers and supportive punditry — much of it financed by giants such as IBM, Sun, Microsoft and Oracle — it’s reminiscent of the good old days. But given the sad fates of so many previously hot new concepts, what exactly are we to make of this one?

Web services enthusiasts might have an easier job if they had chosen a different name. During the Internet boom, Web services was basically synonymous with dot-com companies, virtually all of which were providing various Web-based services. Web services was also the umbrella term for many specific technology services such as Internet access, Web hosting, Internet storage and faxing.

In addition, the term is still used to encompass wider industry trends such as the replacement of packaged software with Web services and the emergence of the Web as an electrical-grid-like service utility.

Amazingly, the current usage breaks new ground once again. According to IBM, Web services are “self-contained modular applications that can be described, published, located and invoked over a network, generally the World Wide Web.” In other words, Web services are now defined as interoperable service components that can be accessed as necessary.

Frequently cited examples include third-party services for instant messaging, auctions, electronic payments and online purchasing systems. Existing credit card authorization and content-syndication systems also fall within the Web services realm.

It all sounds reasonable enough, but recent experience is on the side of the skeptics. It’s somewhat deflating to realize how much time and energy have been wasted talking about interoperable software objects.

Consider the fierce but not particularly consequential debates over DCOM, CORBA, JavaBeans, ActiveX, object-oriented databases and the like. It’s easy to see the current incarnation of Web services and its various components, including XML, SOAP and UDDI, as belonging to this less-than-glorious part of IT history.

If anything, the Web services challenges of today are even tougher than those faced by previous interoperability initiatives. Whereas earlier efforts focused largely on improving interoperability within a single organization, Web services vendors promise that both intra- and interenterprise integration will eventually be as easy as HTML and HTTP interoperability are today. But the difficulties in quickly achieving this goal are hard to overestimate.

My take on Web services is that it’s not so much the industry’s Next Big Thing as a sign of where the Web is headed. Interoperable components won’t create a big, new market full of exciting new companies, and they won’t create a dramatic shift in applications or capabilities.

The Web has always been about services, so in this sense, Web services will thrive. But all of our experience suggests that the emergence of truly interoperable Web components will eventually prove important. And progress will be much slower than today’s heavy promotional campaigns suggest.





Good Business or Greed?

IF AT&T and Comcast don’t manage their business fairly, they could end up like Excite [“Users: AT&T Comcast Should Change Policies,” News, Jan. 1]. In the article, user Eric Hoyt drew a sarcastic analogy that backfires. He said that charging for VPN service “is like charging you more for gasoline depending on what kind of car you drive.” Will your gasoline bill not be more if you drive a Chevy Suburban than if you drive a Civic? If you don’t like the cable service, then try to get DSL, and if you’re still not satisfied, go back to dial tone. Let the cable companies manage effectively and prevent another Excite-type bankruptcy.

Matt Cero
President
Computer Tutor
Seattle

THE GREED demonstrated by these policies is incredible. Our small company is setting up a VPN. Although its primary use will be for road warriors dialing into a local ISP to access our file server and e-mail, some people will occasionally use the VPN from home. There is no way any of them will pay an extra $60 a month just to access our LAN through a VPN. Both the cable and phone companies see money anytime the term business user is mentioned. But they could make more money by pricing the services competitively and making up in volume what they try to make by overpricing “business-level” access.

Don Yelton
Senior staff
Labblee Corp.
Cambridge, Mass.

UCITA’s Weasel Backers

IN “COMING Retractions” [The Back Page, Jan. 7], Frank Hayes wrote, “Writing about backers of UCITA ... I’ll almost certainly refer to the UCITA proponents ... as self-destructive weasels who would kill their customers as gladly as they would eat their young. This will be inappropriate. Weasels don’t actually eat their young.”

I believe that “This will be inappropriate” should read, “This will be inaccurate.” Appropriateness is a subjective opinion. That weasels don’t actually eat their young is a fact. I, for one, think that referring to the UCITA proponents as self-destructive weasels who would kill their customers as gladly as they would eat their young is appropriate.

James A. Wernecke
IT manager
Barrington, Ill.

BSA Is No Watchdog

I’M NOT SURE applying the term software watchdog group to the BSA is accurate [“BSA Offers One-month Grace Period to Software Pirates,” Computerworld.com, Jan. 4]. The BSA is a consortium formed by vendors to promote their interests. Its stated mission is to “help governments and consumers understand how software strengthens the economy, worker productivity and global development; and how its further expansion hinges on the successful fight against software piracy and Internet theft.”

Although few could argue against the need to prevent software piracy, it should be recognized that violations represent lost revenue to BSA members. While grace periods to promote the regaining of licensing compliance are appreciated from the consumer side, it should also be a warning to consumers concerning an underlying desire among BSA members to continue to look for new ways of increasing their incomes.

Bruce C. Barnes
President
Bold Vision LLC
Dublin, Ohio

COMPUTERWORLD welcomes comments from its readers. Letters will be edited for brevity and clarity. They should be addressed to Jamie Eckle, letters editor, Computerworld, PO Box 9171, 500 Old Connecticut Path, Framingham, Mass. 01701. Fax: (508) 879-4843. Internet: letters@computerworld.com. Include an address and phone number for immediate verification.


For more letters 
on these and other

PINK SLIP SUBSTITUTE


Your company has huge invest- 
ments in the training, experience 
and intellectual capital of its IT 
staffers — so cutting some of them 
loose during an economic down- 
turn could turn out to be penny- 
wise and pound-foolish. Here are 
some firms’ alternative approaches 
to layoffs. PAGE 24 


RETURN ON TRAINING 


Though some firms are cutting IT 
spending, most organizations are 
increasing their IT training bud- 
gets. Find out why many groups are 
emphasizing soft business skills, 
project management and security 
education. PAGE 30 


WATCHING THE 
DETECTIVES 


Because a growing amount of 
crime evidence is digital, IT foren- 
sics experts such as PayPal Inc.’s 
Ken Miller (above) are an emerg- 
ing group of high-tech profession- 
als who not only solve crimes, but 
also help contribute to the bottom 
line. PAGE 32 


CAREER ADVISER 


Fran Quittel offers suggestions to 
an IT professional about the tax 
implications of becoming an inde- 
pendent consultant. She also ex- 
plains the differences between 
exempt and nonexempt status to a 
Unix administrator. PAGE 34 





BUSINESS 


JOE AUER/DRIVING THE DEAL 


Looking Beyond ‘Needs’ 


IF YOU LOOK AT A LARGE IT procurement deal comprehensively

and objectively, its most crucial factors go far beyond a specific set 

of a given department’s needs. Yet vendors’ sales representatives are 

highly trained to identify these needs and to sell “solutions.” And to 

the detriment of their bottom lines, flexibility or sanity in contract- 
ing issues, many customers believe that the needs of their departments or 
functional areas are the only important factors. 


To do the best deal for your organization, you 
must consider that whatever you want to buy is just 
one part of a package. For example, a vendor’s repre- 
sentative says, “Our equipment can handle your 
problems by providing these solutions, and it’s with- 
in your budgetary constraints. We can deliver the en- 
tire system, within your time frame, and the system 
will provide a more than adequate performance lev- 
el. Can we do business?” 

If these are your main concerns, your response 
will most probably be yes. The vendor’s representa- 
tive then hands you a letter of intent and says: 
“Great! Sign here and we can get going.” You sign be- 
cause your primary concerns at that time are the 
four or five areas that the vendor has so carefully 
targeted. Good deal? Many times, the answer is no. 

Although a given department’s needs are important,
they’re often only a subset of a wide range of issues
involving contractual, financial, operational,
technical, procurement, end-user and senior man- 
agement requirements. 

Unfortunately, department heads, project leaders 
and end users often find out later that in 
their haste to satisfy only their needs, they 
overlooked some extremely important en- 
terprisewide issues. For example, they 
may have paid more than they needed to, 
neglected to secure adequate contractual 
protection or done something that’s in- 
compatible with technical standards or 
long-term corporate goals. In essence, the 
customers may find they were sidetracked 
by a bad case of tunnel vision, compli- 
ments of a great sales job by the vendor’s 
representative. 

This micro view of the acquisition has a 
number of variations. The speed-of-doing- 
the-deal obsession during the Internet 
craze played right into this problem. A no- 
ticeable number of customers suffered 
vendor performance shortfalls — stern 
reminders that haste makes waste. They
didn’t get what they paid for because contractual
assurances “took too much time” in the rush to get
Web deals done. 

In some situations, a vendor uses a financial con- 
cern to persuade the customer to sign up. The cus- 
tomer’s CFO is searching for some impact to the bot- 
tom-line profit. So, an astute vendor structures an 
outsourcing or lease deal to provide massive, short- 
term financial benefits with very inflexible terms 
that lock the customer in for a very long time. In do- 
ing so, the customer surrenders future technological 
agility and options. 

The solutions ploy is easy to overcome if the cus- 
tomer can resist buying on impulse. As any retailer 
will readily acknowledge, impulse buying is an im- 
portant factor in retail consumer sales. Regardless of 
whether impulse buying is an appropriate justifica- 
tion for purchasing a new tie or a hanging plant, it 
shouldn’t apply to the acquisition of a multimillion- 
dollar system. I’ve seen too many deals done too 
quickly with too little thought or analysis. 

Most important, a broad-based negotiating team 
should be used to collect and prioritize a 
comprehensive set of negotiating objec- 
tives that represents the entire range of 
necessary professional disciplines men- 
tioned above. Documenting these some- 
times diverse prioritized objectives in a 
position paper for all team members and 
senior managers to sign off on is a key 
step in the process. Then, and only then, 
does your team have a consensus and a re- 
alistic set of needs to use as negotiating 
points. 

Don’t let the bells and whistles that you 
believe you so desperately need divert 
your attention from other considerations, 
such as cost, contractual assurances and 
flexibility. If you refuse to buy on impulse, 
and instead use a comprehensive set of 
negotiation objectives, this ploy should 
not be a problem to overcome.

Working Alternatives To Job Cuts

Layoffs may reduce short-term salary expenses, but the long-term consequences can be even more costly. By Julia King

SINCE SALARIES make up the lion’s share of corporate costs, cutting jobs is one of the fastest and most readily accessible ways to significantly reduce expenses. Layoffs, then, make great fiscal sense in the current down economy. Right?

Not necessarily in IT, especially if you consider the many and varied long-term risks of layoffs, which can range from a plunge in worker morale and productivity to higher costs for recruiting and rehiring technology professionals when the economy bounces back.

“Layoffs aren’t cheap,” says Ken Orr, a research fellow at Cutter Consortium, an IT consulting and research firm in Arlington, Mass. “They’re usually done in response to earnings pressure from Wall Street, which looks only at [near-term] financials. But there are other costs associated with layoffs.”

Consider Cisco Systems Inc., where worker productivity plummeted, resulting in sales of $470,000 per employee in October 2001, down from $710,000 a year earlier. In the interim, Cisco laid off 8,500 workers, among other cost-cutting moves.


A Different Approach 


A growing awareness of these collat- 
eral costs has companies searching for 
creative alternatives to handing out 
pink slips at the first sign of financial 
distress. Job sharing, shortened work- 
weeks and voluntary pay cuts are 
among the measures companies are 
taking to trim costs before cutting jobs. 
They may not always be 100% success- 
ful, and some layoffs may still eventual- 
ly be required. Yet the long-term value 
of such alternatives — helping to preserve morale and leaving a door
open for key employees to return in better economic times — is golden,
according to managers who have used them.

“We've already seen a payoff in 
terms of some of the programs we put 
in place,” says Jeff Standridge, the ex- 
ecutive in charge of organizational ef- 
fectiveness at Acxiom Corp., a $1 bil- 
lion database and information manage- 
ment company in Little Rock, Ark. 
About 60% of Acxiom’s 5,000-plus em- 
ployees work in IT. 

Last April, Acxiom instituted a 5% 
mandatory pay cut for all workers (ex- 
cept those earning less than $25,000). In 
exchange, employees received stock op- 
tions equal to the amount of salary they 
forfeited. Acxiom then followed up with 
a voluntary pay cut plan under which 
workers could elect to forfeit up to an 
additional 15% of their pay in exchange 
for twice that amount in stock options. 
More than one-third of employees vol- 
unteered for the additional pay cut. 

“The immediate benefit we received 
from that is when we did get to the 
point of layoffs, we were able to get by 
with laying off half of the employees we 
would have had to lay off otherwise,” 
Standridge says. In June 2001, Acxiom 
laid off 400 people, or 7% of its employ- 
ee base, which now stands at 5,400. 

“The intangible benefit is that 85% 
of our employee population became 
stockholders in the company. They 
have skin in the game, and now the 
company’s future can be determined 
by people with a greater stake in the 
company,” Standridge says. 

When Acxiom does resume hiring, it 
will give preference to laid-off employ- 
ees, who upon leaving were issued a 
special code to use when they submit 
their résumés online. 

“Studies say that it costs one and a half to two times their annual
salary to recruit and train an employee,” Standridge notes. “Those
costs are reduced considerably by bringing someone back on board that
you laid off.”

Jobs for Life

The Lincoln Electric Co. calls it “guaranteed employment for life.”
After working three years at the $1 billion Cleveland-based
manufacturer, employees are guaranteed a lifelong job at the company.

Memphis-based FedEx Corp. has what it calls a “philosophy” of no
layoffs. That doesn’t mean they won’t ever occur, but “if we get to a
layoff situation, it would absolutely be as a last resort,” says
company spokesman Greg Rossiter.

The employment practices go by different names, but the spirit and
business strategies behind them are the same. By shunning downsizing as
a matter of corporate values, both companies are looking to create a
fiercely loyal and productive workforce, which in turn generates high
customer satisfaction ratings and bottom-line results. And so far, it’s
a strategy that seems to work well, in both good economic times and
bad.

Lincoln Electric CIO Chuck Mehiman says he can’t remember the last time
anyone quit his firm’s 100-person IT group - before or since the
dot-com boom and bust.

FedEx, meanwhile, has reduced the hours of certain hourly workers, such
as warehouse employees, but so far the company hasn’t laid off anyone,
which Rossiter says positions the shipping giant well for when the
economy bounces back.

“We feel we’ll be extremely well positioned when the economy does turn
up, because we’ll reap the benefits of morale and have avoided the
negative impact to morale that layoffs engender,” Rossiter says. “What
differentiates a company in any services industry is its people, and we
simply can’t afford to put that at risk.”

- Julia King


Cisco offers employees an option to 
retain one-third of their salaries plus 
their health insurance benefits and 
stock options if they voluntarily leave 
to work for any one of 29 approved 
nonprofit organizations. Cisco said the 
employees don’t earn a salary from the 
nonprofit agencies, nor does Cisco re- 
ceive a tax break under this program. 


“At the end of that time, if they’re interested in coming back and
there are positions here, they’re considered [preferred] internal
candidates,” says Michael Yutrzenka, senior manager for community
investments.

So far, about 80 employees have 
signed up for the program, which 
Yutrzenka says costs Cisco about the 
same as a more traditional severance package. The key benefits for the
company are positive public relations and
the ability to keep tabs on workers it 
may want to rehire once the economy 
rebounds. 

Prior to laying off 2,500 employees beginning last August, Hamilton,
Bermuda-based Accenture Ltd., a global IT consulting firm, began
piloting a one-year sabbatical program under which workers retain 20%
of their salaries, all benefits, their profit-sharing allocations, use
of a company laptop and access to Accenture’s intranet in exchange for
taking the year off. Employees can travel, take classes and even take
another job as long as it’s not with an Accenture competitor. At the
end of the year, the workers also get their jobs back — guaranteed.

With 2,200 U.S. employees signing 
up for the sabbaticals, the program is 
now closed here, but it has been ex- 
panded to Accenture employees in the 
U.K., Sweden, Germany and Japan. 
“The primary goal of the program was 
trimming our costs in the short term 
plus keeping our access to people 
we've spent a lot of time and money 
recruiting and training,” says Larry 
Solomon, Accenture’s partner in 
charge of internal operations. 

“By paying them 20% of their 
salaries, we’re saving approximately 
80% of salary costs plus [future] re- 
cruiting and training costs,” which can 
run as high as $40,000 per employee, 
Solomon says. 

Even though layoffs occurred at Ac- 
xiom, Cisco and Accenture, experts 
agree that having opted to exercise al- 
ternatives first will serve them well in 
the long term. 

“Certain companies know how to 
treat their employees in good times 
and in bad,” says Kazim Isfahani, an IT 
hiring and human resources analyst at 
Robert Frances Group Inc. in West- 
port, Conn. “But it’s in the bad times 
that the good companies really estab- 
lish themselves.”


IT Hiring 2002 


This is the latest in a series of articles on IT career issues in
today’s turbulent job market. Last week, we looked ahead at the 2002 IT
hiring forecast. In the Jan. 28 issue, we offer advice on how to
survive a pink slip.


Layoffs As a Last Resort

Seven steps to take instead of issuing pink slips:

1. Cut pay. Offer stock options in exchange for lower salaries.
2. Shorten the workweek for hourly and part-time workers.
3. Request that workers take unpaid time off.
4. Pay workers a stipend to leave and work short term for a nonprofit.
5. Reconstruct staff responsibilities so workers can share jobs.
6. Launch a formal sabbatical program.
7. Share IT employees with other companies.


Damage Control

If it comes down to layoffs . . .

- Look beyond salary. Closely study each employee’s skills and evaluate
  how his absence will impact future projects and teams.

- Don’t sit on bad news. Promptly inform employees so they can make the
  most of prime IT hiring months. Companies hire more technology
  workers during the first three months of the year than during the
  other nine months combined.

- Leave the door open. Give laid-off employees the first crack at open
  positions when hiring resumes. Acxiom issued laid-off workers a
  special code to flag their résumés for future job openings.
It’s About People, Not Numbers

Fear, inaccuracy and less-than-honest estimates are all part of the
measurement challenge. By Melissa Solomon

SINCE TELLABS INC. put in new procedures for measuring return on IT
investment a year ago, “it’s all been perfect,” says CIO Cathie Kozik.
Then she laughs.

The Naperville, Ill.-based communications equipment maker, like most
companies implementing new ROI measurement processes, has faced
obstacles. The biggest have been resistance from an “action-oriented”
staff, inaccuracy of business cases and a lack of honesty — from
business managers who don’t want to see budget cuts and from staffers
who worry that they’ll automate themselves out of their jobs, says
Kozik.

“We wound up spending more time swapping e-mails about why we didn’t
want to do it than it took to do it,” she says of one of the company’s
first projects that measured ROI.

Business unit managers, with help from IT, are responsible for
determining project costs. But to overcome the honesty and accuracy
problems, financial controllers from each unit oversee the
calculations.

To reduce cultural resistance, managers keep business cases simple — a
page or two. “Don’t make it bureaucratic,” Kozik advises. “Don’t make
it so long and laborious that people don’t want to do it.”

Curtis Robb, chief technology officer at Delta Technology Inc., the IT
arm of Atlanta-based Delta Air Lines Inc., says there are critical
issues that business cases must address to ensure ROI. The first is
total cost of ownership. Each of Delta’s business teams must develop
plans that look ahead four years, he says. They look at not only the
purchase price, but also the “tail behind that purchase price” —
hardware, software, maintenance and support, Robb says.

The second issue is finding the right level of support. For instance, a
round-the-clock maintenance contract is wasted if users can wait a few
days for a response. “Rightsizing” maintenance contracts has helped
Delta shed $10 million in expenses, says Robb.

Standardizing technology has also helped the company save on training
and development costs. For instance, Delta’s airline operations unit
was able to cut the development time on a project in half because it
used standardized middleware from another project to build in real-time
capability, rather than developing the technology from scratch, Robb
explains.

The final issue is time to market. At Delta, “solution architects” are
assigned to projects from the start to help create a blueprint and
determine a timeline, says Robb.

Oversight is another way to ensure that projects bring returns, says
Allan Woods, CIO at Pittsburgh-based Mellon Financial Corp. Woods
chairs a technology review board that meets monthly to review each IT
proposal over $500,000. Then the projects are brought back to the board
each month to make sure scope, costs and time frames are on target, he
says.

But implementing ROI standards must be a gradual process, Kozik warns.
If Tellabs forced its ROI process on workers, “it would have collapsed
under its own weight,” she says. “Instead of going from 0 to 120, we’re
going from 0 to 30, 30 to 60.”

“We wound up spending more time swapping e-mails about why we didn’t
want to do it than it took to do it.”
CATHIE KOZIK, CIO, TELLABS INC.

What Lies Beneath

The devil is in the details. That’s become a mantra for Mike Smith,
director of e-business at Clariant International Ltd., a Muttenz,
Switzerland-based specialty chemicals company.

Smith acknowledges that his team got temporarily caught up in the hype
of e-business. But two years ago, when it looked closely at the online
tools available for simplifying business processes and moving them to
the Web, the team realized there were no cost-cutting guarantees.

“Don’t assume, like people did in the middle of the e-hype, that you
have to do it because it’s going to save you money,” Smith says. “If
you don’t get into the detail, you can’t change your business processes
to get the cost out.”

By examining purchasing records, Smith and his team found that Clariant
bought a high volume of low-cost supplies, such as notebooks, printer
cartridges and laboratory equipment, from catalogs. They also
discovered that Clariant’s paper-based procurement process added
between $50 and $100 to each transaction. Storing and maintaining
backup supplies of machinery parts boosted each product’s cost by 30%
to 50%.

Smith and his team figured that online procurement might cut some
overhead as well as simplify workers’ jobs and free up their time so
that chemists, for instance, could spend more time doing lab work and
less time on administrative tasks.

That’s when the real work began, says Smith. Clariant formed three
teams. The first group cut the company’s multiple maintenance, repair
and operations suppliers down to a few key vendors based on factors
such as high-volume discounts and reliable service (overnight in many
cases, which reduced the need to store most supplies).

The second team, consisting of accounting, operations and purchasing
staffers, analyzed the number of annual purchases that could be made
from an electronic catalog and looked at the procurement chain to see
which steps could be cut or streamlined.

The third team, the IT workers, weighed the “e-readiness” of suppliers
and selected the most cost-effective technology. All three teams worked
hand in hand under one project manager, says Smith.

The final step was conducted by a steering committee of senior managers
who convinced workers of the value and simplicity of the new system.

“It has to be real easy,” says Smith. “Easier than thumbing through a
catalog.”

If any details were skipped, the $2 million project might not have met
its targeted 30% to 40% internal rate of return, says Smith. Based on
the demonstrated savings in Germany, where the pilot took place, the
online procurement process is being planned for worldwide rollout,
beginning with Brazil, France, Switzerland and the U.K. this year, he
adds.

- Melissa Solomon

SMITH: Working online won’t automatically save you money.
QUALITY OF SERVICE.

AVOIDING EVEN THE SMALLEST MISTAKES.

QUALITY OF SERVICE. It’s much more than giving your customers super
service. It’s about getting your IT systems to extend the courtesy as
well.

That would mean they are available, scalable and performing, around the
clock. But how do you get there, now?

You start with consulting in the shape of IBM Global Services. We’ll
uncover, and eliminate, any technical glitches in your infrastructure
before they turn into crises or customer care problems.

Then, employ Tivoli® software to ensure content is current and always
available. If there’s ever a problem Tivoli is sure to find it long
before your customers do. To top it off, Tivoli’s security policies can
ensure your site is always completely protected.

Right now, together with our Business Partner Commercial Ware, we’re
now helping Patagonia, an environmentally conscious maker of outdoor
clothing, conduct their e-business 24 hours a day. Their customers can
now have immediate access to order information at all times, regardless
of what channel they used to place their orders.

The result? Patagonia’s customer relations have improved and
Patagonia.com revenue has grown year by year.

But this is just the beginning. There’s more on the way. Soon we’ll be
seeing self-optimized environments: environments with systems that are
capable of healing, protecting and configuring themselves.

These environments are as flexible as your customers, partners and
suppliers expect them to be.

Find out all that you can, soup to nuts, at ibm.com/e-business/quality,
or call 800 426 7080 (ask for Quality) for our latest white paper,
Quality of Service - Evolving to the Next Generation.








ending to Rise
usiness, Security Skills

Project and relationship management skills are key to bringing IT
projects in on time and within budget. By Julekha Dash

SMART MANAGERS aren’t using tighter budgets as an excuse to put IT
training on the back burner for 2002. Indeed, spending on corporate IT
and business training in the U.S. is expected to increase by 6.5% next
year, growing from $22.3 billion to $23.8 billion, according to Cushing
Anderson, an analyst at Framingham, Mass.-based research firm IDC.

And the top training priorities for IT managers facing financial
uncertainties and other risks are security and business skills.

Because the budget squeeze magnifies the need to keep IT projects on
schedule and within budget, a lot of IT workers will be sent to
training to improve their project management skills, says David Foote,
managing partner of Foote Partners LLC, a workforce consultancy in New
Canaan, Conn. Following relatively flagrant spending on dot-com
projects, companies have become decidedly more guarded about how they
spend money on IT projects and how well those projects are managed.
“There is more accountability now” and less tolerance for projects that
go off deadline or over budget, says Foote, who is also a Computerworld
columnist.

At some companies, managers plan to provide project management training
that’s more sophisticated and company-specific than training has been
in the past.

For instance, Tim Stanley, vice president of IT at Las Vegas-based
casino and hotel operator Harrah’s Entertainment Inc., plans to hire a
training firm to help develop project management courses that are
customized to the particular challenges the company’s IT workers will
face in the coming year.

Harrah’s IT employees will be certified by the Project Management
Institute in Newtown Square, Pa., by the end of this year or early next
year, says Stanley. The specialized project management courses will
help employees develop expertise in handling systems in the face of
mergers and acquisitions, developing new software and rolling out new
systems, he says.

For its part, USAA plans to invest more in business and soft skills
training in 2002, says Bob Ingram, the San Antonio-based insurance
company’s senior vice president of property and casualty systems.

For instance, USAA’s training department plans to tap line executives
to teach IT workers how to better handle office politics and manage
customer relations. Ultimately, the goal of these courses is to “try to
run technology as a business,” he says.

Although USAA plans to invest in other training areas, such as security
and software development, spokesman Tom Honeycutt says the company
expects the biggest training payback to be in improving project
management and other business expertise. That’s because these skills
will affect all areas of work.

The company plans to increase total training spending from $7,200 per
IT employee to $10,000. In June, USAA was selected by Computerworld as
one of the top 10 places for IT workers in the area of training.

Security-Conscious

Not surprisingly, security training will also be a high priority in
2002, according to IT managers and analysts. In particular,
cybersecurity and disaster recovery training will be hotly pursued,
says Jerry Luftman, executive director and distinguished service
professor for the graduate information systems programs at the Stevens
Institute of Technology in Hoboken, N.J. He cites high-profile hacking
incidents last year such as the much-publicized infiltration of
Microsoft’s Web servers in addition to the Sept. 11 terrorist attacks
on the U.S. as serving as spurs to that focus.

“If you’re perceived as weak in security, it could affect whether
people want to do business with you,” Luftman says.

USAA plans to spend 10% of its IT training budget to enhance its
security policy training, says Susan Chisholm, director of IT learning
systems at USAA. This will involve teaching employees what to do if
they receive a suspicious e-mail, or what type of computer activities
are considered normal and what should prompt further investigation, she
says.

Dash is a freelance writer in Lewes, Del.
Contact her at mail@julekhadash.com

Some companies are leaning more heavily on e-learning to simplify
training and cut costs.

U.S. IT Training Spending

Among various applications, U.S. IT training is projected to increase
most for CRM and ERP software, according to IDC. (Dollar amounts are in
millions and are based on revenue taken in by training firms.)

Application                       1999    2000    2001    2002    2003    2004    2005  2000-2005 CAGR*
CRM technical training            $293    $369    $469    $599    $769    $990  $1,129  25.1%
ERP (accounting, HR,            $1,030  $1,196  $1,480  $1,781  $2,123  $2,457  $2,775  18.3%
  materials management)
Collaborative applications        $670    $687    $718    $758    $819    $872    $904  5.6%
  (e-mail, groupware,
  scheduling, conferencing)
Word processing                   $472    $497    $525    $550    $565            $639  5.2%
Other (such as business           $593    $624    $652    $704    $671                  1.0%
  performance management)
Total                           $3,058  $3,372  $3,843  $4,392  $4,948                  12.7%
Some Sanity Re

Opinion

Old Economy companies that offer regular paychecks look good again.
By Pimm Fox

REACHING THE END of a job interview, the human resources manager asked
a young engineer who was fresh out of MIT, “What starting salary were
you thinking about?”

The engineer said, “In the neighborhood of $125,000 a year, depending
on the benefits package.”

The interviewer said, “Well, what would you say to a package of five
weeks’ vacation, 14 paid holidays, full medical and dental coverage, a
company-matching retirement fund of up to 50% of salary, and a company
car leased every two years — say, a red Corvette?”

The engineer sat up straight and said, “Wow! Are you kidding?”

The interviewer replied, “Yeah, but you started it.”

This apocryphal scenario accurately describes the upheaval in IT
recruiting. The hockey stick of big bennies and stock options has given
way to hard-core power plays. As layoffs at once high-flying and
seemingly invincible IT vendors such as Cisco Systems Inc. and Sun
Microsystems Inc. and hundreds of Internet bombs push IT talent and
experience onto the market, the law of supply and demand appears to
finally be taking hold.

This means greater availability of experienced IT workers, salaries
that are more in line with traditional corporate compensation, more
leverage for hiring managers and all the fancy Aeron chairs you might
want — at fire-sale prices.

According to Ravi Aron, assistant professor of operations and
information management at the University of Pennsylvania’s Wharton
School in Philadelphia, the tech bubble of stock market valuations
created an artificial inflation of value when it came to hiring IT
talent. “If you consider IT as a scarce resource to be allocated, it
responds to market prices,” says Aron, “and you had a situation in
which the artificial market cap of companies was used to drive up the
salaries and compensation of IT personnel.”

The acute shortage of qualified IT professionals even drove Congress to
increase the availability of H-1B visas.

“Of course,” Aron says, “you would rather work for a company that
promised you lots of money in the sexy Internet sector than working at
some place like a Boeing.”

But the economics were flawed, like purchasing gold with tulips. So
now, IT job applicants are asking questions such as: What’s the salary?
Is this company going to be around next year? Does it have real
customers?

Companies are now able to hire IT workers whose maturity and
understanding of technology value are more closely aligned with more
prosaic areas of the enterprise, such as middleware and legacy system
integration.

Happily, the technology expertise needed to link internal, back-end
systems isn’t that dissimilar from that needed to develop and integrate
flashier front-end, Web-enabled ones.

“The big difference is in more complex project design and management,”
says Aron.

That’s the type of IT designed to bring value to a company by cutting
costs and improving efficiencies. And so what if it isn’t part of the
New Economy? It’s more satisfying and rewarding to be part of the
permanent economy — and the pay is better.

PIMM FOX is Computerworld’s West Coast bureau chief. Contact him at
pimm_fox@computerworld.com.


Poor Layoff Practices Cause Long-Term Damage

70% of laid-off workers wouldn’t recommend that others work at their
former company

67% would never work for the company again, even if offered a job

54% wouldn’t recommend the company’s products or services

Base: Online survey of 1,200 laid-off workers (November 2001)

SOURCE: ANDERSEN

Employers to Pay Top Dollar for IT Specialists

Job title                      2002 salary range    Change from 2001
Database manager               $83,000-$114,000     Up 4.8%
Disaster recovery specialist   $57,000-$86,000      Up 3.1%
ERP integration manager        $76,000-$103,250     Up 2.9%
Forensic Detectives

Cybercops. Digital sleuths. Call them what you will, the emerging ranks
of IT forensics professionals not only solve systems crimes — they can
also add to the bottom line. By Deborah Radcliff

SOMETHING LOOKED FISHY in PayPal Inc.’s merchant account system. Late
in 2000, hundreds of new accounts were being opened under the same
names, including Hudsen and Stivonson. PayPal’s antifraud team was
dispatched. Investigators tied the accounts to a single IP address that
used Perl scripts to automatically fill in applications that opened the
accounts using stolen credit card numbers.

Those accounts were then used to purchase approximately $100,000 of
computer equipment on eBay. And, from the looks of things, preparations
were being made to turn credit into cash by depositing charges as
payments into the PayPal accounts and then to an outside bank account.

That’s when the FBI called asking for help examining the computers of
two suspects from Russia with PayPal account information on their
computers. PayPal’s evidence and support helped the FBI charge Alexey
Ivanov and Vassili Gorchkov with multiple counts of wire fraud in May.

But PayPal’s cybersleuthing also improved PayPal’s bottom line by
leading to the development of a pattern-matching fraud prevention
system that has reduced PayPal fraud rates to 0.5% — well below the
average e-business fraud rate of 1.3% to 2.6%, according to Stamford,
Conn.-based Gartner Inc.

“We found tremendous value in having these skills in-house,” says Ken
Miller, director of the 75-person fraud control group at PayPal, a Palo
Alto, Calif.-based online payment processor. “A lot of our competitors
have gone out of business because of fraud. We were able to drop our
fraud rate significantly.”

Forensics Clues

Observing cybercrooks in its midst last summer helped PayPal develop a
pattern-analysis fraud prevention tool that has greatly reduced its
fraud rates. In late October, PayPal’s chief technology officer, Max
Levchin, who is originally from Ukraine, deciphered the following
conversation on an Internet Relay Chat channel used by Russian credit
card thieves.

Thief No. 1: What’s the deal with PayPal? - I add some fresh cards in,
they restrict immediately!

Thief No. 2: They see every little thing there now. Before, I had an
account there, everything was cool. But then someone sent me some cash,
and they just restricted the account. In short, PayPal is no good
anymore.

Thief No. 3: It’s time to move on to something new.

Because more and more evidence is digital these days, people with
expertise in computer forensics and network/Internet investigations are
being called upon to answer such questions as how someone got in, what
systems were affected and how, how to repair them and how to prevent
such incidents from happening again, says John Tan, research scientist
of forensics at @Stake Inc. in Cambridge, Mass.

While forensics and investigative work are each highly specialized,
they both require similar skills: strong network and systems
engineering expertise (to know where evidence, including erased files,
hangs out on the network), the ability to think analytically, an
inclination toward thoroughness beyond tedium, knowledge of hacking
tools and techniques, and the ability to follow your nose, say
forensics professionals and employers. An investigative background in
government, the military, law enforcement, or banking and legal support
is also important.

Using freeware and commercially 
available tools, a computer forensics 
investigation starts with a mirror-im- 
age backup of a computer system and 
then proceeds with keyword searches 
through commonly used applications, 
file systems and the slack space where 
erased data resides until overwritten, 
says Charles Neal, vice president of 
cyberterrorism detection and incident 
response at Exodus Communications 
Inc., a Santa Clara, Calif.-based pro- 
vider of Internet hosting services for 
businesses. 
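
The keyword search over a mirror image that Neal describes, as an added example (not code from the article or from any tool it names): it scans the raw bytes of the image rather than going through the file system, so text left in file slack or unallocated space is found as well. The image contents, file names, extents and 4,096-byte cluster size are constructed for the example; a real examination reads the extents from file-system metadata.

```python
import hashlib
import io
from dataclasses import dataclass

CLUSTER = 4096  # assumed allocation unit of the constructed image


@dataclass(frozen=True)
class FileExtent:
    """A contiguous file: offset of its first cluster and its logical size."""
    name: str
    start: int
    length: int

    @property
    def logical_end(self):
        return self.start + self.length

    @property
    def allocated_end(self):
        clusters = -(-self.length // CLUSTER)  # ceiling division
        return self.start + clusters * CLUSTER


def sha256_stream(stream, chunk_size=65536):
    """Hash the working copy so findings can be tied to one exact image."""
    digest = hashlib.sha256()
    for block in iter(lambda: stream.read(chunk_size), b""):
        digest.update(block)
    return digest.hexdigest()


def find_keyword(stream, keyword, chunk_size=8192):
    """Return every image offset at which keyword starts.

    The image is read in chunks. The last len(keyword) - 1 bytes of each
    window are carried into the next one, so a hit that straddles a read
    boundary is still found, and is reported only once.
    """
    if not keyword:
        raise ValueError("keyword must not be empty")
    overlap = len(keyword) - 1
    offsets, tail, base = [], b"", 0
    while True:
        block = stream.read(chunk_size)
        if not block:
            return offsets
        window = tail + block
        pos = window.find(keyword)
        while pos != -1:
            offsets.append(base + pos)
            pos = window.find(keyword, pos + 1)
        tail = window[-overlap:] if overlap else b""
        base += len(window) - len(tail)


def classify(offset, extents):
    """Say whether a hit starts in live file data, file slack or free space."""
    for ext in extents:
        if ext.start <= offset < ext.logical_end:
            return ("file", ext.name)
        if ext.logical_end <= offset < ext.allocated_end:
            return ("slack", ext.name)
    return ("unallocated", None)


def search_image(image, extents, keyword, chunk_size=8192):
    """Hash the image, then return (sha256, [(offset, kind, file name)])."""
    digest = sha256_stream(io.BytesIO(image))
    hits = [(off,) + classify(off, extents)
            for off in find_keyword(io.BytesIO(image), keyword, chunk_size)]
    return digest, hits


def build_sample_image():
    """Constructed four-cluster image; all contents are made up."""
    image = bytearray(4 * CLUSTER)

    def put(offset, data):
        image[offset:offset + len(data)] = data

    # Cluster 0: remnant of an earlier, longer file...
    put(2000, b"wire transfer pending")
    # ...whose cluster was reused by a short file, leaving the rest as slack.
    memo = b"lunch menu for friday"
    put(0, memo)
    # Clusters 1-2: live file with text straddling the 8192-byte read boundary.
    put(8188, b"transfer")
    # Cluster 3: unallocated, still holding part of a deleted file.
    put(12388, b"old draft: transfer list")
    extents = [FileExtent("memo.txt", 0, len(memo)),
               FileExtent("notes.txt", CLUSTER, 5000)]
    return bytes(image), extents


if __name__ == "__main__":
    image, extents = build_sample_image()
    digest, hits = search_image(image, extents, b"transfer")
    print("sha256", digest)
    for offset, kind, name in hits:
        print(f"{offset:>6}  {kind:<12} {name or '-'}")
```

A search that walked only the files listed in the directory would report the hit in notes.txt and miss the other two, which is why the paragraph above stresses working from the mirror image.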

In a recent case where a client sus- 
pected an IT group of sabotaging its 
systems, a forensics examination of the 
file directories, e-mail files and slack 
space on the suspects’ hard drives 
linked the suspects to a disgruntled 
former executive who was acting as
the master saboteur, says @stake’s Tan.


This evidence was presented to the 
disgruntled IT employees when they 
were fired to discourage them from fil- 
ing a wrongful termination suit. If they 
do file suit, the employer can present 
the evidence in court. 

The key to forensics is the ability to 
follow your nose, a skill most com- 
monly found among those with law 
enforcement backgrounds, like Neal. 
Once a special agent at the FBI, Neal 
led the investigations of the infamous 
Kevin Mitnick and Mafiaboy. 

But innately curious technologists like Dave Dittrich also fit the bill. Dittrich, senior security engineer at the University of Washington in Seattle, is well known in the forensics community. His prolific documentation (www.washington.edu/people/dad) on attack methods and viruses is invaluable to anyone pursuing a career in forensics.

“I grew into security and forensics 
work because I like to know the nitty- 
gritty of how things work,” says Dit- 
trich, who trained himself to use C and 
Unix while working at The Boeing Co. 
prior to joining the university as a sys- 
tems administrator. 

“As more of my computers got compromised, I learned more about security and hacking tools,” he says. “I was reverse-engineering things like the Trin00 virus, and at the same time continued to grow my networking knowledge by reading a lot in my off hours.”


Techno-legalities 

Increasingly, companies are hiring 
forensics and incident-response con- 
sultants to uncover the sources of 
fraud, intellectual property theft or 
employee misuse. Forensics also plays 
a role in corporate due diligence work, 
says Michael Anderson, founding pres- 
ident of New Technologies Inc., a 
5-year-old forensics consulting and 
support firm in Gresham, Ore. 

People in this field need to know not only where evidence might reside on a network but also how to retrieve it. And, if there’s any possibility that the evidence will appear in court, it must be gathered legally, says Tom Arnold, CEO of CyberSource Corp., a Mountain View, Calif.-based payment and risk management service for online merchants. Therefore, investigators must be meticulous when gathering and logging information, and they should adopt standard procedures for gathering evidence.

“If we’re tracing a scam site, we need as much information as we can gather — where the money is, where the credit card accounts are, hosting companies, who’s aiding and abetting, and so on,” says Chris Brandon, president of Brandon Internet Services, whose clients include backbone and service provider organizations. “We validate and document the evidence, then turn it over to our clients or sometimes to the authorities, and tell them to look for themselves and check it all out.”

Brandon and others say the work is rewarding, particularly since they can get done in hours what takes weeks or months through court and law enforcement channels. Exodus’ Neal concurs.

In the private sector, says Neal, in- 
vestigations are built on relationships 
between affected parties — not on ju- 
risdictional and international laws. 
“When I was in the FBI, if I called up 
UUNet to say one of its IP addresses is 
attacking us, they’d ask me for a sub- 
poena,” Neal says. “[Now] UUNet co- 
operates with us because the next day, 
the shoe’s on the other foot, and they’ll 
need our help.”


Find forensics training resources
and take a look at the ideal forensics
job candidate on our Web site:
www.computerworld.com/q?1450


A lot of our competitors have gone out of business because of fraud. We were able to drop our fraud rate significantly.

FRAUD CONTROL GROUP, PAYPAL





Job Watch 


HIRING OUTLOOK: 

Despite a new interest in forensics 
work since the Sept. 11 terrorist at- 
tacks, forensics placements are still 
slow, according to Tracy Lenzner, 
founder and president of Lenzner- 
Group, a security job recruitment firm 
in Las Vegas. Currently, Lenzner has 
over 100 résumés on file but no jobs 
to offer her clients. But Lenzner and 
prospective employers expect the 
market to pick up in eight months. 
Salary range: Hands-on forensics 
analysts: $85,000 to $120,000; 
Directors: $110,000 to $160,000 
Add 10% for consulting. 


SOURCE: LENZNERGROUP


REQUIRED SKILLS: 

Computer forensics: This field re- 
quires the ability to analyze systems 
to uncover evidence in such places as 
unallocated slack space (where delet- 
ed files remain until overwritten); tem- 
porary files; hex files; log files; directo- 
ries; applications like e-mail, Word 
and Excel; and hardware such as
read-only memory and flash BIOS. 
Forensics professionals must know 
procedures and tools for evidentiary 
image backup and documentation. 
Forensics plays a role in civil litigation 
and in investigations of intrusions, 
employee misuse or wrongdoing, and 
intellectual property theft. 


Network investigations: This in- 
volves tracking intrusions and out- 
bound intellectual property leaks 
through TCP/IP networks and across 
multiple jurisdictions by analyzing In- 
ternet Protocol addresses, system 
logs and packet header information. 
You must also know how to set up 
network sniffers (listening and log- 
ging software), observation traps and 
domain name lookups. Maintaining 
relationships with backbone service 
providers, telecommunications firms 
and hosting services is also key. 


Internet investigations: People in
this field document evidence of 
scams and frauds conducted over the 
Web through IP lookup tools, domain 
name registries and other public 
sources of information. An under- 
standing of TCP/IP networking, log- 
ging, network addressing and packet 
headers is required. 

- Deborah Radcliff 


To read case studies illustrating the tools 
to nab criminals, see page 36. 








BUSINESS 


Dear Career Adviser:

In your response to “Lost in Arizona” [Business, Dec. 3], you mentioned that becoming an independent consultant requires significant tax reporting. What do I need to do to go out on my own? — CONTRACT CONSULTANT

Dear Contract:

In the 1990s, self-employment boomed for contract recruiters and technical consultants alike. But more recently, demand for unemployment compensation benefits has soared, and independent contractor consulting revenues have plunged.

The result is that state unemployment agencies and the Internal Revenue Service carefully scrutinize whether a worker’s true status is “independent consultant” vs. “temporary employee” and whether additional taxes are due on both federal and state levels.

Reclassifying someone from consultant to employee status can mean additional taxes and penalties for the employer. It can also create financial consequences for the consultant.

Therefore, you might want to establish your business as a corporate entity with a federal tax identification number and develop a client list showing that you serve more than one company at a time.

You can also bolster your independent status by getting your company included on a client’s vendor list as an approved supplier. I would advise you to do this by making sure your work agreements are between the company and your business entity, rather than between your client and you as an individual.

Dear Career Adviser:

I’m a Unix systems administrator who is being offered a new position, but I’m not sure about the category of exempt vs. nonexempt. All the company has told me is that exempt means that they don’t have to pay me overtime. Is there more to it than that? — OVERTIME PAY

Dear Overtime:

Generally speaking, the Fair Labor Standards Act of 1938, also known as the “wage and hours” law, establishes categories of workers and specifies whether they’re entitled to hourly and overtime pay. Nonexempt employees generally receive hourly wages, including overtime pay. Exempt employees, usually professional or management staffers, aren’t paid on an hourly basis and are therefore exempt from overtime pay.

The law has some exceptions, however, and IT professionals who earn at least $27.60 per hour or $170 per week and whose primary duties fall into certain categories are exempt.

Here’s a more meaningful explanation: Exempt jobs are the preferred track for a professional career path and management, says John Tebbets, executive vice president at JDT Staffing Consulting Inc. in Brentwood, Calif. Therefore, you are actually being offered a professional job whose category indicates a good future. Take it.

FRAN QUITTEL is an expert in high-tech careers and recruitment. Send questions to her at www.computerworld.com/career_adviser.








It’s All Critical in a
Department of One 


With all the focus on IT as a 
strategic priority and on vi- 
sionary IT leadership, it’s 
sometimes easy to forget the 
little guys who like to roll up 
their sleeves and dig into a
networking conundrum and 
who keep their companies 
humming along smoothly. It’s 
also easy to forget that some 
companies run just fine with- 
out a CIO and a full-blown 
IT management staff. 

Bob Johnston is the lone 
IT employee at CJRW, an
award-winning, $70 million 
advertising and public rela- 
tions firm — and he likes it 
that way. While his job is 
largely operational, he none- 
theless feels that he’s con- 
tributing to the company’s 
strategic mission. 


CJRW

Type of business: A regional advertising and public relations firm

Main location: Little Rock, Ark., with a satellite office in Fayetteville, Ark.

Interviewee: Bob Johnston, systems administrator

Tenure: Since August 1992

Major clients: Alltel Corp., Arkansas Parks and Tourism, Claudia’s Canine Cuisine, NutriPeak.com and Hornbeck Seed Co.

Who do you report to? The operations director.

Number of employees (end users): About 130.

Mission-critical systems: “E-mail for communication with our clients, and a job-tracking system called JMS (Job Management System) developed for us by a company in New York. It’s an Oracle database system for tracking billable hours. We don’t have client extranets or an intranet — we just use e-mail and sneakernet because we’re all so close anyway. We have an Ethernet network running AppleShare, with AppleShare file servers and a Windows NT file server.”

Major IT projects: “Just your standard desktop computer replacements and upgrades. We’re mainly a Mac shop. We’re looking at upgrading to the OS X operating system this time next year, but there are very few applications for it now. James Little [from the company’s Imazing Web services division] is developing a contact management database for use in his department. If it works out, we’ll implement it on a department-by-department basis.”

IT training in 2002: “I’m looking into Windows 2000 client training.”

Employee reviews: Annual.

Bonus programs: “We’re ESOP-based, so employees get a percentage of revenues in the good years.”

Workday: “Formal hours are 8 to 5. I usually get here anywhere between 4:30 and 6:30 in the morning and leave between 5 and 6.”


What's your biggest challenge 
as the solo IT person in your 
office? “Trying to educate 
employees that a lot of the 
bells and whistles and frills 
on computers are not always 
the best thing for the busi- 
ness. Like screen savers. And 
MP3 devices. So many of 
them have software that con- 
flicts with our system.” 


Do you feel you’re contributing 
to the company’s strategic mis- 
sion? “Yes. I make sure the 
company gets the right 
equipment, and I make sure 
we use it. I have a good 
working relationship with 
my users. They leave the IT 
issues up to me and trust me 
to help them out.” 
- Leslie Jaye Goff 
Igoff@ix.netcom.com 
NICHOLAS PETRELEY

Fast Double-Talking

MANY THANKS to a reader named Kevin, who identified some eye-opening limitations in the new Windows XP feature called fast user switching. Fast user switching is Microsoft’s version of multiuser computing. The feature, introduced in Windows XP, lets two or more users log in to the same computer at the same time.

ON THE CASE 


Businesses with intellectual prop- 
erty and online customers to pro- 
tect are increasingly conducting 
cyberforensics investigations to get 
to the bottom of electronic crimes 


CHIP TALK 


Pat Gelsinger, chief technology of- 
ficer at Intel, discusses 64-bit com- 
puting and other emerging tech- 
nologies that will have an impact 
on corporate IT. PAGE 38 


SAVING MEMORIES 


The Shoah Foundation is using 
digital asset management tech- 
nology to ensure that the stories 
of Holocaust survivors will live on. 
PAGE 40 




Upgrading a laptop hard drive 
ought to be simple with kits made 
specifically for the purpose. Unfor- 
tunately, reviews editor Russell 
Kay struck out. But he’s still hope- 
ful. PAGE 43 


Installing a system for e-signatures 
seems like a good idea, but when 

a user’s idea of a digital signature 
is a little different from what Vince 
Tuesday has in mind, our security 
manager’s week goes rapidly 
downhill. PAGE 44 





Fast user switching is about as new to computing 
as the Charleston is to dancing. But it’s a novel expe- 
rience for Windows users. I suggested in my Nov. 5 
column, “Lowered XPectations,” that Microsoft 
called it fast user switching instead of multiuser 
switching because Microsoft has been calling Win- 
dows NT multiuser since its inception but is just de- 
livering the feature now. After looking into the issues 
Kevin raised, I'll have to retract that. Microsoft is 
probably calling it fast user switching because Win- 
dows XP still isn’t a multiuser system. 

For example, according to Microsoft, you can’t en- 
able fast user switching at the client if your comput- 
er belongs to a Windows server domain. The compa- 
ny doesn’t explain why this limitation exists, but I 
can guess at least one reason. Each machine on a
Windows network has a unique NetBIOS name. I’m 
guessing that Windows domain servers arbitrarily 
associate every active user connection with the Net- 
BIOS name of the machine a person used when he 
logged on. This means you can log on simultaneous- 
ly from several machines as the same user, because 
the Windows domain server can distinguish among 
the various sessions by looking at the unique Net- 
BIOS name for each machine. 

As long as Windows clients were single-user sys- 
tems, this approach worked fine because there was 
only one way to initiate two connections with the 
same NetBIOS name: You had to give two different 
client machines the same NetBIOS name, 
which would mean that your network was 
misconfigured. 

Because fast user switching makes it pos- 
sible for multiple users to log in from the 
same machine, it introduces a legitimate 
scenario where two or more users can try 
to authenticate against a Windows domain 
from a machine with the same NetBIOS 
name. Since Windows network services 
are still in the Dark Ages of single-user 
computing, the domain server probably 
still thinks your network is misconfigured 
and flags the attempt as an error. 





NICHOLAS PETRELEY is a 
computer consultant and 
author in Hayward, Calif.

He can be reached at 
nicholas@petreley.com. 


Sometimes this kind of problem can be solved 
properly only if you upgrade every Windows ma- 
chine on your network, servers and clients alike. Yet 
Microsoft solves it by disabling fast user switching 
when your computer is a member of a network do- 
main. There’s only one reason Microsoft would pass 
up a golden opportunity to force customers to per- 
form a companywide upgrade, in my perhaps slightly 
jaded opinion, and that’s because the problem is too 
difficult to solve without breaking all of its other ap- 
plications. 

So I’m wondering if Microsoft designed Active Di- 
rectory around the assumption that there would be 
only one unique NetBIOS name for every user con- 
nection. If so, Microsoft will have to give Active Di- 
rectory, along with every Office application designed 
to use it, a major overhaul before Windows servers 
can accommodate multiuser clients. The solution 
would still lead to a companywide upgrade, but it 
isn’t something Microsoft can fix quickly. That may 
be why it had to take the quick and dirty route. 

Kevin also found out that you can’t use fast user 
switching and the off-line folders feature at the same 
time. Off-line folders let you disconnect from your 
company network and continue to work on docu- 
ments that would normally be stored on network 
drives. You can synchronize any changes you make 
the next time you reconnect. If you use this feature 
from home, then your daughter can’t play a game on 
your computer unless you close all your 
applications and log out first. 

As one might expect, none of these prob- 
lems exists in a Unix or Linux environ- 
ment. I have no problem authenticating 
multiple users against my Linux server 
from the same machine, and any of these 
users can use Unix utilities such as rsync, 
which provides the same features as off-
line folders. 

No doubt Windows will catch up even- 
tually. But I think Windows XP is shaping 
up to be the best argument for a mass mi- 
gration to Linux.
Cybersleuthing Solves the

Computer forensic investigators use a variety of methods and tools to nab cybercriminals. By Deborah Radcliff

BUSINESSES WITH INTELLECTUAL property and online customers to protect are increasingly calling on cyberforensics investigators to get to the bottom of cases of employee wrongdoing and electronic crimes. “People are calling us when they find malicious software installed on their servers, when they’re leaking sensitive information, when they suspect employee harassment — even in cybersquatting cases,” says Ed Skoudis, vice president of ethical hacking at Predictive Systems Inc., a technology services firm in New York.

Forensic techniques vary depending on the type of 
investigation. For example, some investigative firms, 
like Brandon Internet Services, simply track and 
trace over the Internet and sort through other pub- 
licly available electronic records. Large businesses 
use cyberinvestigators to set up alarms and traps to 
watch and catch intruders and criminals within their 
networks. 

To show a cross-section of different types of 
cyberinvestigations and the tools used to conduct 
them, Computerworld profiles three ways that 
organizations have dealt with crime — and some-
times criminals — in their midst. 


The Case of the Freaky Accounts 


How techniques of Internet and database investiga-
tions thwarted two prolific Russian “carders” (credit 
card thieves): 

There were too many Hudsens and Stivensons 
opening accounts with PayPal Inc., an online pay- 
ment processing company in Palo Alto, Calif. John 
Kothanek, PayPal’s lead fraud investigator (and a 
former military intelligence officer), discovered 10 
names opening batches of 40 or more accounts that 
were being used to buy high-value computer goods 
in auctions on eBay.com. So PayPal froze the funds 
used to pay for the eBay goods (all to be shipped to 
an address in Russia) and started an investigation. 

Then, one of PayPal’s merchants reported that it 
had been redirected to a mock site called PayPal. 











COMPUTERWORLD January 14, 2002 


Kothanek’s team set up sniffer software, which catches packet traffic, at the mock site. The software showed that operators of the mock site were using it to capture PayPal user log-ins and passwords. Investigators also used the sniffer to log the perpetrators’ own IP address, which they then used to search against PayPal’s database. It turned out that all of the accounts under scrutiny were opened by the same IP address.
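
The database pivot described above can be sketched as follows. This is an added example, not PayPal's code: the log format, field names, one-hour window and every sample record (documentation-range IP addresses) are constructed assumptions; only the batch size of 40 comes from the article.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed sign-up log format (constructed for this example).
LINE_RE = re.compile(
    r'^(?P<ts>\S+) signup acct=(?P<acct>\d+) name="(?P<name>[^"]*)" ip=(?P<ip>\S+)$'
)


def parse(lines):
    """Turn log lines into records; lines in any other format are skipped."""
    records = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        records.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S"),
            "acct": int(m["acct"]),
            "surname": (m["name"].split() or [""])[-1].lower(),
            "ip": m["ip"],
        })
    return records


def batches(records, key, window=timedelta(hours=1), min_count=40):
    """Return {value: [acct, ...]} for each value of `key` (e.g. "ip" or
    "surname") that opened at least `min_count` accounts inside one window."""
    by_key = defaultdict(list)
    for rec in records:
        by_key[rec[key]].append(rec)
    flagged = {}
    for value, recs in by_key.items():
        recs.sort(key=lambda r: r["ts"])
        start, best = 0, (0, 0, 0)          # best = (count, first, last)
        for end in range(len(recs)):
            # Slide the left edge until the window spans at most `window`.
            while recs[end]["ts"] - recs[start]["ts"] > window:
                start += 1
            if end - start + 1 > best[0]:
                best = (end - start + 1, start, end)
        if best[0] >= min_count:
            flagged[value] = [r["acct"] for r in recs[best[1]:best[2] + 1]]
    return flagged


def pivot(records, observed_ip):
    """All accounts opened from an address seen elsewhere (e.g. by a sniffer)."""
    return sorted(r["acct"] for r in records if r["ip"] == observed_ip)


def sample_log():
    """Constructed sample data: two scripted batches plus ordinary sign-ups."""
    lines, acct = [], 1000
    t0 = datetime(2001, 1, 1, 9, 0, 0)
    for surname, count in (("Hudsen", 42), ("Stivenson", 40)):
        for i in range(count):
            acct += 1
            ts = (t0 + timedelta(seconds=45 * i)).strftime("%Y-%m-%dT%H:%M:%S")
            lines.append(f'{ts} signup acct={acct} name="A. {surname}" ip=203.0.113.7')
        t0 += timedelta(hours=3)
    for i, name in enumerate(["M. Lopez", "K. Hudsen", "P. Chen"]):
        acct += 1
        ts = datetime(2001, 1, 2, 8 + i).strftime("%Y-%m-%dT%H:%M:%S")
        lines.append(f'{ts} signup acct={acct} name="{name}" ip=198.51.100.{10 + i}')
    lines.append("malformed line that the parser must skip")
    return lines


if __name__ == "__main__":
    recs = parse(sample_log())
    for surname, accts in batches(recs, "surname").items():
        print(f"surname {surname}: {len(accts)} accounts in one hour")
    for ip, accts in batches(recs, "ip").items():
        print(f"address {ip}: {len(accts)} accounts in one hour")
    print("accounts linked to observed address:", len(pivot(recs, "203.0.113.7")))
```

The lone "K. Hudsen" sign-up from a different address on another day shares a surname with the batch but is not returned by the pivot, which is why the address match carried more weight than the names.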

Using two freeware network-discovery tools, 
TraceRoute (www.tracert.com) and Sam Spade 
(www.samspade.org), PayPal found a connection 
between the fake PayPal server address and the ship- 
ping address in Russia to which the accounts were 
trying to send goods. Meanwhile, calls were pouring 
in from credit card companies disputing the charges 
made from the suspect PayPal accounts. The perpe- 
trators had racked up more than $100,000 in fraudu- 
lent charges using stolen credit cards — and PayPal 
was fully liable to repay them. 

“Carders typically buy high-value goods like com- 
puters and jewelry so they can resell them,” says Ken 
Miller, PayPal’s fraud control director. 

PayPal froze the funds in those accounts and began 
to receive e-mail and phone calls from the perpetra- 
tors, who demanded that the funds be released. 

“They were blatant,” says Kothanek. “They 
thought we couldn’t touch them because they were 
in Russia.” 

Then PayPal got a call from the FBI. The FBI had 
lured the suspects into custody by pretending to be a 
technology company offering them security jobs. 

Using a forensics tool kit called EnCase (www.encase.com), Kothanek’s team helped the FBI tie its case to PayPal’s by using keyword and pattern searches familiar to the PayPal investigators to analyze the slack and ambient space — where deleted files remain until overwritten — on a mirror-image backup of the suspects’ hard drives.
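
An added sketch (not EnCase and not the investigators' code) of the kind of keyword search this paragraph describes: it scans the raw bytes of a mirror image instead of walking the file system, so text left in slack or unallocated space is found too. The image, the one-entry file table, the 4,096-byte cluster size and the keyword are constructed assumptions.

```python
import io

CLUSTER = 4096  # assumed cluster size of the constructed image


def search_image(stream, keywords, chunk_size=64 * 1024):
    """Scan a raw image and return sorted (offset, keyword, encoding) hits.

    Each keyword is searched as UTF-8 and as UTF-16LE (common in Windows
    documents), case-insensitively for ASCII letters. Chunks overlap by the
    longest pattern minus one byte, so a keyword that straddles a chunk
    boundary is still found, and the set keeps it from being counted twice.
    """
    patterns = [(kw, enc, kw.encode(enc).lower())
                for kw in keywords for enc in ("utf-8", "utf-16-le")]
    if not patterns:
        return []
    overlap = max(len(pat) for _, _, pat in patterns) - 1
    hits, buf, base = set(), b"", 0      # base = image offset of buf[0]
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        buf += chunk
        hay = buf.lower()
        for kw, enc, pat in patterns:
            i = hay.find(pat)
            while i != -1:
                hits.add((base + i, kw, enc))
                i = hay.find(pat, i + 1)
        keep = buf[-overlap:] if overlap else b""
        base += len(buf) - len(keep)
        buf = keep
    return sorted(hits)


def classify(offset, files):
    """Say where a hit lies, given (name, start_offset, logical_size) entries."""
    for name, start, size in files:
        alloc_end = start + -(-size // CLUSTER) * CLUSTER  # round up to cluster
        if start <= offset < start + size:
            return f"content of {name}"
        if start + size <= offset < alloc_end:
            return f"slack of {name}"
    return "unallocated"


def build_sample_image():
    """Constructed 4-cluster image; all contents are invented for the demo."""
    img = bytearray(4 * CLUSTER)
    # Cluster 1 once held a memo that was later deleted; its bytes remain.
    old = b"To: R. Doe -- ship the PROJECT-ORCHID drawings tonight."
    img[CLUSTER + 300:CLUSTER + 300 + len(old)] = old
    # A newer 120-byte file now owns cluster 1; bytes 120..4095 are slack.
    img[CLUSTER:CLUSTER + 120] = b"Lunch order: two sandwiches.".ljust(120)
    # Cluster 3 is unallocated and holds a UTF-16LE fragment.
    frag = "project-orchid budget".encode("utf-16-le")
    img[3 * CLUSTER + 10:3 * CLUSTER + 10 + len(frag)] = frag
    return bytes(img), [("notes.txt", CLUSTER, 120)]


def demo(chunk_size=64 * 1024):
    """Search the constructed image and label each hit's location."""
    image, files = build_sample_image()
    hits = search_image(io.BytesIO(image), ["project-orchid"], chunk_size)
    return [(off, enc, classify(off, files)) for off, _kw, enc in hits]


if __name__ == "__main__":
    for offset, encoding, where in demo():
        print(f"offset {offset:>6}  {encoding:<9}  {where}")
```

Opening notes.txt through the file system would show only the 120-byte lunch order; both hits exist only in the raw image, which is why the search is run against the mirror copy.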

“We were able to establish a link between their 
machine’s IP address, the credit cards they were us- 
ing in our system and the Perl scripts they were us- 
ing to open accounts on our system,” Kothanek says. 

The alleged perpetrators, Alexey Ivanov and Vas- 
sili Gorchkov, were charged with multiple counts of 
wire fraud in May. Gorchkov was convicted in Sep- 
tember on 20 counts of wire fraud and is awaiting 
sentencing. Ivanov is still awaiting trial. 


The Case of Mastering the Zombies 


How a systems and network examination helped the
University of Washington kick a cracker out of 30 of its 
systems: 

The calls started on July 1. Frantic administrators 
were asking why subnets and IP addresses from 
Dave Dittrich’s 50,000-node network were scanning 
and flooding them with denial-of-service (DOS) 
packets. “We were shutting affected machines off as 
we found them, but at one point, we had over 30 of 
our systems scanning and sending DOS attacks to 
over 9,000 targets,” says Dittrich, senior security en- 
gineer at the University of Washington in Seattle. 

Following the Evidence

Digital forensics provides the clues to help answer these questions:
» How did someone break in?
» What systems are affected and how?
» How do we fix it?
» How do we prevent it from happening again?

Using Irvine, Calif.-based Foundstone Inc.’s Fport scanner (www.foundstone.com/rdlabs/tools.php?category=Intrusion+Detection), Dittrich’s team located directory and file names uncommon to the Windows operating systems he ran on the network. The program also showed that all of the unusual directories and files were running communications through the same active, high-level port, which was also uncommon to standard configurations.

“That tipped me off that I should be listening to 
network traffic to and from that port, so I set up snif- 
fers on those ports,” Dittrich says. 

Dittrich used a freeware sniffer called TCPDump (www.tcpdump.org), which captured the unusual traffic going to and from Internet Relay Chat redirectors commanding his machines to send the scans and DOS attacks. Dittrich unplugged the compromised machines from their wall jacks and, with a team of 40 people, spent two weeks contacting 9,106 downstream targets, reformatting the hard drives on compromised machines, and patching the Unicode vulnerability the attacker used to get in.

“It takes detailed network and host forensics to determine what type of malware is installed on the system and how it functions,” he says. “That’s why I post my findings to the general public: to help improve the training in forensics.”

Dittrich’s work, including details of the July attack, can be found at www.washington.edu/people/dad.


The Case of the Sneaky Engineer 


How forensics examinations of many machines helped one company retrieve its intellectual property and stop the bad guy from using it again:

An engineer left a West Coast manufacturing company, which we’ll call Company A due to pending litigation. When that same engineer turned up at Company B, a competitor, in September earning $10,000 more than market rate, Company A’s executives worried that some of their intellectual property had been transferred to the competitor. Company A’s executives filed a court motion for discovery, and then called New Technologies Inc. (NTI), a computer forensics support and training firm in Gresham, Ore.

In cases like this one, forensics rules must be strictly followed or evidence won’t be accepted in court. The first rule is to not tamper with evidence, so NTI’s team made a mirror image of Company A’s engineering servers and the perpetrator’s old computer. To do that, they used a tool called SafeBack, which captures and time-stamps the perpetrator’s hard drive contents without altering the original, says Paul French, lab manager at NTI.

While NTI investigators found signs of file copying to removable media in the engineer’s computer at Company A, French’s team couldn’t find empirical evidence of wrongdoing there. So under a court order for discovery, the NTI team then searched the suspect’s home computer.

Using another NTI file search utility called FileListPro, the NTI team found that several product engineering drawings had been copied onto the home computer after the engineer had left the company. (FileListPro tells when a file has been created, accessed and modified.)

The engineer claimed that the clock on his computer had malfunctioned and that the drawings were copied while he was employed at Company A. But simple deduction told a different story. The date on a letter written in the same time period corresponded with the machine’s time stamp on that letter.

This was enough evidence to prompt an investigation of the engineer’s machine at his new employer. The team found drawings that were similar to those from Company A, but with some differences. But through searches using keywords like diagrams and the name of Company A, French says his team found an e-mail trail on the engineer’s new desktop that “cinched it.” The e-mails, which passed between the engineer and his girlfriend, detailed their mutual possession of the diagrams in question. One written by the engineer said that the investigators wouldn’t be able to tie anything back to them. And another, written by the girlfriend, asked the engineer what he wanted her to do with the drawings he’d sent her.

The result: “a court injunction against this engineer and his company developing products based off our client’s intellectual property,” French says. “If they do come out with a widget too similar in design, they’ll slap them with criminal charges.”


MORE 


To learn about the skills needed to pursue a career as a computer forensics 
investigator, see page 32. 


We were shutting affected machines off 
as we found them, but at one point, we had 
over 30 of our systems scanning and sending 
DOS attacks to over 9,000 targets. 


DAVE DITTRICH, SENIOR SECURITY ENGINEER, UNIVERSITY OF WASHINGTON 
Intel Puts
Its Chips on 
The Table 


Pat Gelsinger, vice president and chief technology offi- 
cer at Intel Corp., leads Intel’s Corporate Technology 
Group in Hillsboro, Ore., which includes the Intel 
Architecture Lab and Intel Research group. He also 
contributed to the design of Intel’s original i286 and 
i386 CPUs. Computerworld’s Linda Rosencrance asked 
Gelsinger to comment on emerging technologies that 
will affect corporate computing. 


Of the interconnect technologies Intel is working on, which 
ones are likely to have the biggest impact on corporate 
computing? The five that I’m really excited about 
are optical, high-speed Ethernet, 3GIO (third- 
generation I/O), Serial ATA (Advanced Tech- 
nology Attachment) and Infiniband. Those to 
me are the ones that redefine connectivity in 
the enterprise and in the data center in a funda- 
mental and dramatic way. 

What other technologies are likely to have a significant 
impact? Our goal with the Itanium processor 
family is to rearchitect the data center of the 
future. Today, that’s filled with proprietary 
RISC-based machines, and our job is to move 
those to standard building blocks. 

Will the IA-64 processor commoditize the 64-bit server 
market as the Pentium has done in the IA-32 space?
[With IA-64], we're trying to deliver a building
block for big-iron machines. It’s not that those 
other ones are bad; they’re all different, they're 
all incompatible, they're all forcing investment 
in areas that no longer are the things that IT 
cares about. 

Intel has announced the 2-GHz Pentium 4 processor. How 
fast can you go? We're on path to deliver multi- 
billion transistor chips in the next decade, oper- 
ating in excess of 25 GHz. We’re going to keep 
pushing away at clock speed. However, clock 
speed alone will become less and less a determinant of performance as we look forward to things like hyperthreading.

How will that work? Hyperthreading is the idea of doing more than one thing at once. In today’s applications, when you finish one set of instructions, you go on to the next set of instructions and so on. In the future, we [will] have the transistor budgets and the technologies to have one microprocessor doing more than one thing at a time. This is reasonably well established in servers or high-end computing. We want to ... bring this into the mainstream of computing. You'll see the first implementations start to emerge next year.

WHO IS HE?

Intel Vice President and Chief Technology Officer Pat Gelsinger, 40, comments on the future of 64-bit computing and other new technologies that will affect corporate IT.

What optical technologies are you developing that will affect IT? Optical redefined long-haul networking over the last decade. Over the next decade, [it] will have dramatic implications for metropolitan and campus data centers. We want to ... get to the point where we're building direct optical interfaces onto our silicon component. That’s a long-term vision, but ... where an optical interface component might cost $10,000 today, over the next decade, I want to make it cost a penny.

I don’t see [Intel building] optical transistors and things like that ... in the near future, if ever.


Will applications need to change to leverage hyperthreading? Maybe. If Microsoft builds in the ability to have an operating system and a networking stack and the printing daemon running in parallel, and it’s all part of the operating system, then the application could benefit from hyperthreading without requiring any modification to the application itself.

Imagine if I were running one of these cool, 
new dynamic runtime applications like a Java or 
a C# application and ... the garbage collector, 
the [just-in-time compiler] and the dynamic run- 
time environment [were] separate threads run- 
ning in parallel with the application. So my new 
C# application wouldn’t need to be restructured 
for multithreading, but the underlying dynamic 
runtime environment would be. 

The third example would be to put these 
capabilities directly into the compiler so that the 
compilers automatically generate those threads. 
So the application doesn’t need to be rewritten; 
it just needs to be recompiled. 

However, to get the greatest benefit from 
hyperthreading, yes, you would need to rewrite 
the application. But you’re going to benefit from 
this well in advance of requiring this restructur- 
ing of the applications themselves, by any of the 
first three paths. 

What will a typical server look like in three to five years? I see us
building four- or eight-way machines that are clustered together to
build really big machines. So I have a rack [of] 16 4u (1u equals
1.75 in.) slices, and each slice is an eight-way Itanium, and each of
those is using hyperthreading.

I might have four threads running, so within 
a slice, I could have as many as 32 threads of 
execution going on. In a rack, I have 16 of these, 
and they’re all clustered together using tech- 
nologies like Infiniband. That’s the mainframe 
of the future. ... And that will blow away the 
price performance of anything that the alterna- 
tive approaches will offer. 


What will the desktop look like? Key technologies will allow us to
repartition the form factor of the PC — things like 3GIO. And when
you've done that, you can all of a sudden start separating. I can show
you a system of the future where my computer is actually under the
desk, and I have all of my I/O capabilities on top of the desk or even
integrated into the LCD monitor.

I see form factors continuing to decrease, power efficiency becoming
more critical, flat-panel displays becoming dominant and technologies
like speech and audio being good enough that they are meaningfully
deployed. The move to speech, pen and vision computing [will] really
explode.


Does Moore's Law still apply? How will the Banias processor affect
mobile computing? For more answers from Intel's Gelsinger, and for
explanations of the technologies mentioned, visit
www.computerworld.com/q?a1440.

AFTER THE NAZI death camps were liberated,
Rachel Goldman-Miller spent days drifting 
among thousands of shocked survivors, 
desperately searching for information about 
her relatives. 

“Somebody said that they saw my brother in 
Auschwitz and that he was shot because he wouldn’t 
put my mother in the oven,” she recalls. “If it’s true, I 
hope he died. I hope it is true.” 

While making the movie Schindler’s List, director 
Steven Spielberg heard scores of stories from Holo- 
caust survivors like Goldman-Miller and he came to 
a stark realization: With survivors reaching their 70s 
and 80s, it wouldn’t be long before there were no 
witnesses left. So he created the Survivors of the 
Shoah Visual History Foundation to capture the sto- 
ries on video so future generations can see and hear 
them directly from the sources. 

Seven years after its creation, the Shoah Founda- 
tion, which has an annual budget of $10 million to 
$13 million (plus $30 million in technology dona- 
tions), has collected more than 51,000 video testi- 
monies from Holocaust survivors. But the larger 
story has been a challenge to piece together. 

Just scheduling interviews with tens of thousands 
of survivors and eyewitnesses and recording them 
in 32 different languages and 57 countries has been a 
logistical quagmire, says Sam Gustman, the founda- 
tion’s executive director of technology. To handle the 
load, his team created a homegrown production 
scheduling system with Santa Clara, Calif.-based 
FileMaker Inc.'s FileMaker Pro. But the bulk of the 
work is now focused on cataloging and disseminat- 
ing the video and digital collection. 

“It’s an enormous challenge,” says Connie Moore, 
an analyst at Cambridge, Mass.-based Giga Informa- 
tion Group Inc. “Digital asset management is ... very 
much an emerging technology.” 


An ‘Immature Market’ 

Digital asset management (also known as enter- 
prise content management) is the process of catego- 
rizing, packing and indexing images or graphics. It’s 
a mission-critical priority for media companies and 
museums, Moore says. 

Movie studios and news corporations use digital asset management
technology to archive film footage or photos. Other big users of
digital asset management are companies with large image archives, such
as automakers, which tend to run massive advertising campaigns, says
Moore.

When the Web came along, it raised awareness 
about the need to catalog content, but it’s still not 
seen as high on the hierarchy of needs in most indus- 
tries, says Moore. She predicts that will start to 
change in the next few years, however, as Internet 
content and advertising grow. Most companies don’t 
even have an effective way of cataloging their Power- 
Point or Web documents, she says. 

There are some tools that can automatically find 
the beginning and end of clips and simplify the video 
logging and metatagging process, says Lou Latham, 
an analyst at Stamford, Conn.-based Gartner Inc. 
The top vendors include Convera Corp. in Vienna, 
Va., and Virage Inc. in San Mateo, Calif., he says. But 
automated metatagging is an unfulfilled promise that he’s heard from
lots of vendors. “This is a very immature market,” Latham says.

The Shoah Foundation is, in many 
regards, leading the way. It has 180 
TB of archives and 400 TB of stor- 
age space available, according to 
Gustman. And in October, it was 
awarded a $7.5 million National 
Science Foundation grant — with 
IBM, The Johns Hopkins University 
in Baltimore and the University of 
Maryland in College Park as subcon- 
tractors — to advance voice-recognition technology. 

“I think that would be nirvana,” Moore says of the 
idea of using voice-recognition technology in digital 
asset management. 


A Painstaking Process


The foundation’s cataloging experts watch the 
videos and, using a customized back-end database 
donated by Emeryville, Calif.-based Sybase Inc., 
break them into segments. Those segments are as- 
signed keywords from a master list of 21,000 topics, 
such as “hiding places” or “aid givers.” The testi- 
monies, recorded on 3M bit/sec. MPEG video (Hop- 
kinton, Mass.-based EMC Corp. does the Shoah 
Foundation’s media streaming), are cataloged with 
lists of keywords, text summaries describing the sur- 
vivors, related documentaries focusing on topics 
such as the ghettos or labor camps they lived in, and
past and present photos of them and their families.


So far, the foundation has cataloged about 5,000 tapes. At that rate,
it would take a decade to catalog the entire collection, says Gustman.
However, technological advances such as voice-recognition tools could
speed up the process by several years, he says.

A SHOAH STAFFER interviews a Holocaust survivor.

CATALOGERS SORT VIDEO at the Shoah Foundation’s headquarters.

“In the most abstract sense, what 
do you do with 115,000 hours of 
video?” asks Shoah Foundation Pres- 
ident and CEO Doug Greenberg. 

Speech recognition could auto- 
mate the process by assigning key- 
words and time stamps to videos. But voice-recogni- 
tion technology is still awkward, and the Shoah Foun- 
dation has some challenges that could make it even 
less reliable: The people in the videos speak many 
languages, many of them have heavy accents, and they 
are occasionally overcome with emotion, making 
their words difficult to understand, says Greenberg. 

Beyond the cataloging challenges, the Shoah Foun- 
dation is grappling with the problem of how to dis- 
seminate the material. It has eight documentaries and 
two educational CD-ROMs (with a third in the works), 
and it would like to make the testimonies available to 
the public. To guard the integrity of the collection 
and protect it from hate groups, the foundation has 
used secure fiber-optic networks to transmit the 
collection to museums and educational institutions. 

Once the foundation gets a handle on these and other issues, it plans
to use the fine-tuned process to capture other stories of genocide and
hatred, says Greenberg. “Cambodia, Rwanda: It’s a very, very long
list,” he says.


Managing the Memories

The Shoah Foundation uses digital asset management to make sure
the stories of aging Holocaust survivors live on. By Melissa Solomon

HOT TRENDS & TECHNOLOGIES IN BRIEF


Emoticons and Internet Shorthand 


DEFINITION 
Emoticons are glyphs, usually rep- 
resenting stylized facial expres- 
sions, that are created mainly 
from short sequences of punctu- 
ation marks and are designed to 
convey an emotional tone in 
e-mail. Other types of Internet 
shorthand include various 
acronyms and abbreviations. 


BY RUSSELL KAY
ELECTRONIC MAIL and Internet newsgroups are very efficient at sending
digital text, and their asynchronous nature makes them valuable
communications tools. However, both share one glaring fault: Their
bare-bones ASCII text fails to convey the subtleties of meaning that we
are accustomed to expressing via cues such as our tone of voice or body
language when we are in direct visual or voice contact with another
person.

One answer to that has been the development of shorthand symbols
designed to convey specific attitudes, moods and emotions. We call them
emoticons. The best-known one is the smiley, a sideways version of the
smiley-face pin graphic originally developed by Harvey Ball in 1963 and
never trademarked. The pin morphed into the :-) symbol (just tilt your
head to the left) sometime around 1980, and Internet communications
haven’t been the same since.

Origins

Internet e-mail began 30 years ago [Special Report, Nov. 12], and those
who used it did so mainly on terminals that had a single font of
monowidth characters — and not all that many characters either.

In 1979, Kevin McKenzie of the Arpanet’s MsgGroup made the following
suggestion:

Perhaps we could extend the set of punctuation we use, i.e.: If I wish
to indicate that a particular sentence is meant with tongue-in-cheek, I
would write it so:

“Of course you know I agree with all the current administration’s
policies -).”

The ‘-)’ indicates tongue-in-cheek.

Although the initial response was less than enthusiastic, the idea
caught on and was extended to a number of variants created using
different punctuation marks. Books have been published listing and
describing emoticons, and some lists have collections of emoticons
numbering in the hundreds. But in actual practice, only a few are
widely used (see below).

In the 1980s and ’90s, the popularity of text-only Usenet newsgroups
and chat rooms grew dramatically. Many of the individuals posting
messages in these forums tried to be sarcastic or ironic, but the
absence of other cues caused others to take seriously remarks that were
never so intended. This resulted in arguments and “flame wars.” A
“flame” is an exaggerated criticism, often involving name-calling.
Emoticons solved some of these problems.

Not Graphics, Shorthand

In addition to emoticons, a kind of Internet shorthand grew up. In
part, this was to save time by abbreviating some common phrases, but
some of these abbreviations and acronyms also had considerable
emotional content.

My two personal favorites are <gdr>, which translates to “grinning,
ducking and running,” and ROTFLOL, “rolling on the floor laughing out
loud.” As with emoticons, there are many variations.

This state of affairs continued essentially unchanged during the 1990s,
but around the turn of the millennium, a whole new class of shorthand
came into being, driven not by e-mail but by the availability of text
messages over pagers and cell phones.

Short Messaging Service has become popular among teenagers and young
professionals for exchanging messages while in school or meetings. They
have created a much denser form of shorthand, and for a very good
reason. Entering text on a pager or a cell phone that has only a
typical 12-key phone pad is a tedious business, often requiring as many
[...] single letter.

Anything that can shorten the process is welcomed, and the result has
been a kind of shorthand reminiscent of those old bus and subway ads
offering to teach shorthand to budding stenographers: “If u cn rd ths
u cn gt a gd jb.” This is called TXTING, or texting.

A Basic Vocabulary

People have invented thousands of emoticons and abbreviations; these are but a sampling.

Basic Smileys and Other Expressions

        smiling face
        smile with a wink; tongue-in-cheek
        frown
        my lips are sealed
        laughing
        surprised
        shocked
        smile, wearing glasses
        blockhead
        screaming
:-&     tongue-tied
%-)     brain-dead

Internet Shorthand

<g> or <G>   grin
<gdr>        grinning, ducking and running
AAMOF        as a matter of fact
AFAIK        as far as I know
AFK          away from keyboard
BTDT         been there, done that
BTW          by the way
BYKT         but you knew that
CUL8R        see you later
F2F          face to face
FWIW         for what it’s worth
FYA          for your amusement
GMTA         great minds think alike
HTH          hope that helps
IIRC         if I recall correctly
IMHO         in my humble opinion
IMNSHO       in my not so humble opinion
IOW          in other words
LOL          laughing out loud
NM           no message (used in subject line)
OIC          oh, I see
OTOH         on the other hand
OT           off-topic
ROTFL        rolling on the floor laughing
ROTFLOL      rolling on the floor laughing out loud
TIA          thanks in advance
TTFN         ta ta for now
TINAR        this is not a review
YMMV         your mileage may vary

A Trademarked Emoticon

:-(

One well-known and [...] emoticon, the frowny (above), was actually
granted trademark status (Registration No. 2347676) on May 2, 2000. The
trademark holder is a Dallas-based company called Despair Inc., which
markets a variety of humorous items that parody motivational themes.

At the time the trademark was granted, E.L. Kersten, Despair's chief
operating officer, announced his intention to sue “anyone and everyone
who uses the so-called ‘frowny’ emoticon, or our trademarked logo, in
their written e-mail correspondence. Ever.”

Kersten followed this up by filing a suit against more than 7 million
individual Internet users alleging trademark infringement and
requesting that separate injunctions be granted against each person.

The whole thing was a publicity stunt, of course, but the fact remains
that the trademark is legitimate — or at least legal. Despair now sells
frownies from its Web site (www.despair.com) for $0.00 each.

~ Russell Kay

Are there technologies or issues you would like to learn about in QuickStudy? Please send your ideas to quickstudy@computerworld.com

For a complete list of Technology QuickStudies, visit Computerworld.com
at www.computerworld.com/q?q3000
Hard Swap for
A Hard

When your laptop needs a bigger hard disk, what do you do? Easy
question, complex answer. By Russell Kay

RUNNING OUT of disk space is a bummer, especially on a laptop, where
you can’t just add in a second drive. I always seem to be on the edge
of filling up the 6GB disk on my 2-year-old Dell Latitude as I
test-drive new software. The only good answer to more space is to
replace the existing notebook hard drive with a bigger one.

Unfortunately, this is a daunting task for most users. You have to back
up everything on your current drive, install the new one, set up
partitions with the Windows fdisk program, format the hard drive, and
install the operating system and all your applications — it’s easy to
spend two or three full days just getting your data and working
environment back to where you started from. Special migration software
can help, but this becomes an IT-only procedure.

Several products aim to make this process simpler. Basically, they all
consist of a new hard drive, a special cable connecting the drive to a
PC Card and software that copies everything from your old drive onto
the new one. Considering that 60GB laptop drives are now available,
this road was clearly worth exploring.

During the past several months, I have tried three such upgrade kits on
my Dell laptop. How well did they work? I'd have to say that the
operation was a success but the patient died.


Dead on Arrival

The first attempt involved a 30GB StrataDrive kit from Fountain Valley,
Calif.-based Kingston Technology Co. (Kingston has since stopped
selling this product, but it was actually made by and is still
available from CMS Peripherals Inc. in Costa Mesa, Calif.) The drive is
packaged in an antistatic mylar envelope whose edges are die-cut in a
serpentine fashion to form a long, antistatic strap ending in an
alligator clip that you attach to a metal screw or fitting on the
laptop.

THE CMS PERIPHERALS EasyBundle kit can help your laptop boost its disk
space.

I followed the instructions to set up the drive, started the process
and left it running, since it would take some time. Unfortunately, when
I got back to check on it more than 40 hours later, it was still at the
very same spot.

I double-checked with Kingston tech support that it wasn’t supposed to
behave like that, downloaded some newer software and tried again. And
again. After the fourth attempt, involving the third software version,
I gave up.


Yes! No.

Attempt No. 2 involved a $298 20GB EZ-Gig kit from Apricorn Inc. in
Poway, Calif. This was similar to Kingston’s CMS unit, though without
the cute antistatic strap. I installed software on the machine, then
shut it off and rebooted from a supplied floppy disk. When the system
asked me to plug in the PC Card, I did so, and the transfer was off and
running.

In under two hours, the transfer was finished. I shut down the machine,
removed the hard drive and installed the new 20GB unit. When I turned
it on, it ran perfectly. In fact, this was one of the simplest and most
trouble-free installations of any combination hardware/software product
I’ve tried in a long time.

Unfortunately, that wasn’t the end of the story. After a week, the
system refused to boot. It would get partway along and hang. It
wouldn’t even boot into Windows’ safe mode. Booting from a CD and using
several diagnostic tools confirmed that the drive had developed a bad
spot in a critical area. Attempts to repartition and reformat the drive
were unsuccessful.

This wasn’t Apricorn’s fault, and a paying customer would certainly be
entitled to get the drive replaced.


Third Time's the Charm?

A couple of months later, I tried again. This time, I used a $289 CMS
Peripherals 20GB EasyBundle kit. The upgrade process was familiar from
attempt No. 1, but this time, it went smoothly. However, the software
decided that my computer couldn’t handle a 20GB drive without help, and
it required me to install preboot software (Disk Manager from Ontrack
Data International Inc. in Eden Prairie, Minn.). After this, the
process was finished, and I swapped the new drive into my laptop.

Now, when the system booted, I got a preboot message on the screen, and
the system stopped. Windows’ ScanDisk diagnostic program said it
couldn’t find the end of the disk and gave me the choice of continuing
or stopping. I continued, and after another “Are you sure?” prompt,
Windows 98 came up just fine.

This pattern repeated every time I booted up, and I couldn’t run the
computer for more than an hour without running out of resources and
having to reboot. I can’t be positive that the problem was caused by
the new disk installation or the Disk Manager software, but alas, the
system was considerably less stable than it had been.

In the end, I went back to the 6GB drive. It was smaller but more
stable, and it didn’t natter at me every reboot.


Another Route

Three tries, no new hard drive. Was my experience representative, or
just a string of bad luck? Given my experiences, I can’t exactly
recommend this procedure for upgrading a laptop’s hard drive. I’ve had
much better luck doing it the harder, old-fashioned way. However,
there’s a new process available that I haven’t had a chance to try.

CMS has a hard-drive backup unit, ABS Plus, that plugs into a PC Card
slot. In the latest version, the resulting backup disk is fully
bootable. A CMS engineer said this is probably a better upgrade route
today: Get the ABS Plus, make the backups, then just remove three
screws and swap the two drives. No fuss, no muss.

I’m waiting to get a unit to test, because I’m still filling up that
6GB drive on my Dell.
User Indifference Thwarts
Electronic Signature Effort

Vince’s elation turns to disappointment after the
marketing department asks for something simpler





BY VINCE TUESDAY
AN E-MAIL FROM the director of marketing put a spring in my step this
week. He and I have locked horns over security issues in the past.
Marketing always wants to develop new services and offer our clients
access to them online.

Those are good business ideals, but marketing never seems to think
about the fallout from such schemes. I’ve had to steer them away from
the plans that were the most — well, I'd call them mad, and they would
probably call them innovative.

This healthy tension between taking risks to bring in new business and
protecting our brand has meant that although we get on very well
personally, professionally we often find ourselves in heated debates
about new projects. But for once, the marketing director’s e-mail
seemed to show that we were perfectly aligned. He wanted to discuss
electronic signatures on our Web site, with reference to distributing
documents to shareholders and customers.

An e-mail like that makes me want to dance — in the past six months,
I’ve put some effort into sorting out a decent system for pushing out
public-key infrastructure and signatures to clients. The result is
multivendor compatible, with a distribution system using Mountain View,
Calif.-based VeriSign Inc.’s Secure Sockets Layer certificates to
authenticate us to our clients.

This system wasn’t backed by the business teams because they felt the
time wasn’t right. Although they didn’t stand in the way, we had to beg
and borrow the budget for software and equipment to get the system
working. But this e-mail showed me that my work hadn’t been in vain:
Marketing now wanted to take advantage of the setup. No doubt the plan
was to use digital signatures to ensure that the information that
affects prices couldn't be tampered with while being downloaded.

I eagerly set up a meeting that day to 
discuss the details. I then shared the 
news with my team, smug about our 
foresight and how easy it would be to 
answer every request. 

We went to the meeting 
room and found a harried 
marketing director. He was 
obviously concerned about 
how we could implement 
the technology swiftly 
enough to meet his usual 
aggressive deadlines, I 
thought. 

Then he explained what 
he wanted. He wasn’t inter- 
ested in electronic signa- 
tures as defined in the Elec- 
tronic Signatures in Global 
and National Commerce 
Act. He wasn’t interested 
in ensuring confidentiality 
and authenticating employ- 
ees’ identities as they ex- 
change company secrets. 

No, he wanted to add the scanned im- 
ages of senior managers’ signatures to 
the bottom of pages to give them the 
appropriate feeling of authority. Could 
we relax the restrictions on size and file 
types at the e-mail gateway, he asked, 
so he could e-mail these enormous bit- 
maps to our customers? 

That proud feeling sparked by the morning e-mail evaporated, leaving me
with the sour task of explaining that while sending out such images
posed few security risks, it wasn’t such a hot idea and didn’t fit with
the image of our company being at the cutting edge of electronic
document interchange.

Weeks that start well and then go wrong always end up worse than weeks
that tick along in the middle or even in the lower half of success, and
this one was no exception. After the disappointment of our electronic
signatures misunderstanding, I faced a most difficult situation for a
security manager.

It started with a manager taking me to a quiet corner. “We are sacking
Bill today,” he said. “As you know, he is a systems administrator on
many of our key systems. Can you just make sure that he can’t do
anything bad? Thanks.”

It wasn’t the first time this had hap- 
pened. Sometimes, we get a bit more 
notice, but at other times, we just re- 
ceive a note after the fact. It was too late 
to fully protect against any malicious 
acts by this staff member, but in notify- 
ing us, his line manager had passed the 
buck. Now if anything bad happens, he 
can say that he notified the information 
security department and that we failed 
to take appropriate action. 


Securing Systems 

But what is appropriate in such a situation? In this case, we followed
due diligence and changed the passwords and access keys known by this
systems administrator, but if he were malicious, he could easily have
installed a logic bomb or a back door into the system before he left.
This administrator had even been involved in the deployment of the very
security monitoring tools that we normally use to identify Trojan
horses and therefore could well have known how to disable and
circumvent the protections.

How could we protect ourselves without alerting him to our concerns? If
we acted as if he might take malicious action, he might have felt
untrusted and hence acted in an untrustworthy way.

Some companies deal with this prob- 
lem in innovative ways. One firm had to 
get rid of several staffers at once, so it 
had a fire drill. Once everyone was in 
the parking lot, the firm disabled the 
swipe cards of the people they were 
sacking, so they couldn’t get back in af- 
ter the evacuation. That’s not a very en- 
lightened approach toward staff feel- 
ings, but it certainly was effective. 

We couldn’t take that approach and 
ended up just making a low-key password
change. We will have to wait and
see if he did anything bad, but nothing 
has been detected. I think we can trust 
him, but will we always be so lucky? 
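
A residual-access review of the kind the situation above calls for, as an added example that is not part of the original column: it scans constructed copies of a passwd file, an authorized_keys file and a system crontab for extra UID-0 accounts, keys labelled for (or not attributable to anyone after) the departed administrator, and scheduled jobs that run under his account, from his home directory or on a single calendar date. The account name `bill`, the sample file contents and every function name are assumptions made for the illustration.

```python
"""Residual-access review for a host a departed administrator managed."""
import re
import shlex

# Constructed samples standing in for /etc/passwd, root's authorized_keys
# and /etc/crontab. The account name "bill" is hypothetical.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bill:x:1001:1001:Bill:/home/bill:/bin/bash
svc-backup:x:0:0:backup helper:/var/backup:/bin/sh
"""
AUTHORIZED_KEYS = """\
# root's authorized_keys
ssh-ed25519 AAAAC3Nzaexample1 ops-team@jump01
command="/bin/sh" ssh-rsa AAAAB3Nzaexample2 bill@laptop
ssh-rsa AAAAB3Nzaexample3
"""
CRONTAB = """\
# m h dom mon dow user command
17 * * * * root run-parts /etc/cron.hourly
0 3 1 6 * root /home/bill/bin/cleanup.sh
30 2 * * * bill /usr/local/bin/rotate-logs
"""

KEY_TYPES = ("ssh-", "ecdsa-", "sk-")


def extra_uid0_accounts(passwd_text):
    """Accounts other than root that carry UID 0 (root under another name)."""
    hits = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 7 and fields[2] == "0" and fields[0] != "root":
            hits.append(fields[0])
    return hits


def review_keys(keys_text, departed):
    """Flag keys labelled for the departed admin, unlabelled keys and options.

    The comment field is free text, so an unlabelled key is reported too:
    changing known keys does not cover a key nobody can attribute.
    """
    findings = []
    owner = re.compile(rf"\b{re.escape(departed)}\b", re.IGNORECASE)
    for n, line in enumerate(keys_text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            parts = shlex.split(line)  # options may hold quoted commands
        except ValueError:
            findings.append((n, "unparsed entry"))
            continue
        idx = next((i for i, p in enumerate(parts) if p.startswith(KEY_TYPES)), None)
        if idx is None:
            findings.append((n, "unparsed entry"))
            continue
        comment = " ".join(parts[idx + 2:])
        if owner.search(comment):
            findings.append((n, "key labelled for departed admin"))
        elif not comment:
            findings.append((n, "key with no owner comment"))
        if idx > 0:
            findings.append((n, "entry carries options: " + " ".join(parts[:idx])))
    return findings


def review_cron(crontab_text, departed, home):
    """Flag system-crontab jobs tied to the departed admin or to one date."""
    findings = []
    for n, line in enumerate(crontab_text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 6)
        if len(fields) < 7:
            continue  # environment assignments and short lines
        _minute, _hour, dom, mon, _dow, user, command = fields
        if user == departed:
            findings.append((n, "job runs as departed admin"))
        if home in command:
            findings.append((n, "job executes from departed admin's home"))
        if dom != "*" and mon != "*":
            findings.append((n, "job fires on a single calendar date"))
    return findings


def audit(departed="bill"):
    """Run all three checks over the constructed samples."""
    return {
        "uid0": extra_uid0_accounts(PASSWD),
        "keys": review_keys(AUTHORIZED_KEYS, departed),
        "cron": review_cron(CRONTAB, departed, f"/home/{departed}"),
    }


if __name__ == "__main__":
    for area, items in audit().items():
        print(area, items)
```

The findings are leads for a human reviewer, not proof of tampering; a clean result says only that these three places hold nothing obvious.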
Back door: This is an entry into a system
left by a trusted insider so that he
can gain access after official privileges 
have been removed. The greatest back 
door of all time was developed by Unix 
co-creator Ken Thompson. He modified 
the C compiler so that it would recog- 
nize when the log-in command was 
being recompiled and insert code rec- 
ognizing Thompson's password, giving 
him entry to every system. 

Normally, a back door could be de- 
stroyed by removing it from the source 
code for the compiler and recompiling 
the compiler. But to recompile the com- 
piler, you have to use the compiler. So 
Thompson had the compiler recognize 
when it was compiling a version of it- 
self. It then inserted the backdoor code 
into the new compiler. 

Having done this once, he was then 
able to recompile the compiler from the 
original sources; the back door perpetu- 
ated itself invisibly. 


Logic bomb: This is a piece of code 
included secretly in software that will 
perform malicious acts at a set time if 
not stopped by the writer. Disgruntled 
ex-employees have used logic bombs to 
punish companies for sacking them. 


LINKS:

www.nbnn.com/news/01/168823.html: This story tells how Emulex Corp. in
Costa Mesa, Calif., lost $2.2 billion in market capitalization through
a stock manipulation because it didn’t have effective electronic
signatures for its documents. But at least the attacker got 44 months
in jail.

www.techlawjournal.com/internet/20000703.htm: Look here for the legal
mumbo jumbo behind the Electronic Signatures Act.


I hope the economy turns soon so 
that I can focus on dealing with foolish 
ideas about electronic signatures and 
reduce the time I spend changing pass- 
words and protecting systems from 
people who leave against their will. 

How do you deal with security issues when layoffs affect key employees?
I look forward to your ideas in the Security Manager’s Journal forum.

For more on the Security Manager's Journal, including past journals,
visit

This week's journal is written by a real security manager, “Vince Tuesday,” whose name and employer have been disguised for obvious reasons. Contact him at vince.tuesday@hushmail.com or go to the Security Manager's Journal forum.







Building a Better
Virtual Private Net

Virtela’s service promises to reduce the hassle, cost of creating and
running VPNs

BY DAN VERTON
VIRTUAL PRIVATE networks (VPN) are difficult to do right, so users tend
to look for an experienced vendor that will be around for the long
term. That could make it hard for a start-up offering VPN services. But
Virtela Communications Inc. faces few of the challenges that hamstring
most start-ups. In addition to attracting some of the biggest names in
information security as investors, Virtela brings a seasoned management
team and offers a unique approach to providing VPN services.

Vab Goel, the company’s chairman and CEO and a former executive at
Denver-based Qwest Communications International Inc., says Virtela is
building one of the world’s largest IP networks, with more than 10,000
access points worldwide. Along the way, the Greenwood Village,
Colo.-based company has focused on performance through optimized
routing services and on keeping costs down by leasing existing
wholesale network capacity.

The goal is to enable users to “experience the public network with the
reliability, performance and security of the dedicated private
network,” says Goel.

[Virtela’s goal is to let users] experience the public network with the
reliability ... of the dedicated private network.
VAB GOEL, CHAIRMAN AND CEO

Virtela Communications Inc.
5680 Greenwood Plaza Blvd.
Suite 200
Greenwood Village, Colo. 80111
(720) 475-4000
Web: www.virtela.net

Direct Access

The firm’s centralized approach to VPN services gives customers direct
access to network statistics, service order entry, integrated billing,
trouble reporting and online support, user and role administration,
client management and a single point of contact for support, according
to Goel. Virtela also offers videoconferencing and voice over IP
services as part of its VPN offering.

Early users have responded positively to the service. AnalytX Inc.
needed a secure, cost-effective way to connect employees at six offices
around the world. The software development company briefly considered
doing the project in-house, but it instead chose Virtela’s service
because of the vendor’s centralized approach to providing service and
support, says Mark Dellasanta, regional director at AnalytX in Boston.
Dellasanta, who is planning 
to add the VirtelaVoice video- 


Niche: Low-cost, global IP-based 
VPN services 


Company officers: 

© Vab Goel, chairman and CEO 

© Ted Studwell, vice president of 
engineering and strategy 

© Mark Hansard, vice president of 
systems and security 

e Jian Li, vice president of technol- 
ogy and operations 


Milestones: 
© April 2000: Company founded. 
* October 2000: First customers 
signed on. 

* April 2001: Received 
$35 million in funding. 
* October 2001: 
Service officially 


Burn money: $75 

million from Norwest 

Venture Partners, New 
Enterprise Associates, Palomar 
Ventures and others 


Pricing: VPN service starts at 
$300 per month, per site; $25 per 
dial up connection and $100 per 
broadband connection. Virtela- 
Video videoconferencing service 
and VirtelaVoice voice over IP ser- 
vice are included with Virtela VPN. 


Customers: Winphoria Networks, 
AnalytX, AT&T Wireless Services 
Inc. and others 


Red flags for IT: 


¢ Virtela still lacks large, corporate 
accounts for references. 

* The start-up faces increasing 
competition from other service 
providers. 





oo Lt, 





conferencing service on top of 
his VPN, says he’s pleased with 
Virtela so far. 

“They have been nothing but 
professional, organized and ef- 
ficient throughout our entire 
process,” he says. 

Wireless service provider 
Winphoria Networks Inc. need- 
ed a cost-effective way to give 
remote research and develop- 
ment staff in India and Spain 
access to sensitive corporate re- 
sources, such as e-mail and in- 
tranet applications, at its head- 
quarters in Tewksbury, Mass. 

Traditional wide-area net- 
work circuits, such as frame 
relay, would have been too 
costly, says David Heafey, IT 
director at Winphoria. “Virtela 
was able to stage and ship VPN 
appliances to these locations 
very quickly,” he says. “They 
spend the necessary time up- 
front to design a VPN infra- 
structure that fits the require- 
ments of the customer.” 

Heafey says he has experi- 
enced no unplanned down- 
time since starting the service 
and that “performance is al- 
ways within a couple of per- 
centage points of my contract- 
ed bandwidth.” 

Virtela’s ability to tackle 
global VPN projects while 

maintaining a customer- 
centric approach makes 
the company unique 
among start-ups, 

y cording to Zeus Ker- 
ravala, an analyst at 
les The Yankee Group in 
Boston. “They approach 

each engagement almost as a 
consultant would, where they 
do a network audit and review 
of business processes,” he says. 

Although Virtela has done a 
good job of using bandwidth 
from other providers, “IT man- 
agers are now starting to look 
at the financial strength of the 
service providers, and using 


| [a start-up] might seem more 


risky than it did before,” Ker- 


| ravala says. Although Virtela 
| is financially strong, 


“clearly, 
their No. 1 focus right now 
should be to get some marquee 


| client wins,” he says. 


That point isn’t lost on Goel. 
“We know that more money 
doesn’t guarantee success,” he 
says. “You build a business that 
scales with the customers.” D 
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the buzz | 


STATE OF THE MARKET

IP VPNs on The Upswing

IP-based VPNs are on a roll. About 75% of large U.S. organizations have either already deployed an IP-based VPN or plan to deploy one within the next two years, according to Cahners In-Stat Group in Newton, Mass.

IP-based VPN services are replacing Asynchronous Transfer Mode/frame-relay data VPN services because they cost less and provide faster provisioning of service, improved security and greater ubiquity of service, says Cahners analyst Henry Goldberg.

Virtela faces competition from VPN hardware and software providers, such as Cisco Systems Inc., and service providers, such as Reston, Va.-based XO Communications Inc.

What sets Virtela apart is its consulting approach to VPN sales, and the reliability and performance that a provider with multiple backbone networks can offer, says Zeus Kerravala, an analyst at The Yankee Group.

“They sell backbone connectivity using a multitude of carriers,” Kerravala says. “However, if you go with a single carrier, you may not always get optimum routing. That does provide Virtela an advantage.”

Virtela’s direct competitors include the following companies:

Savvis Communications Corp.
Herndon, Va.
www.savvis.net

Rather than relying on the public Internet to provide VPN connectivity, Savvis uses private leased lines and says they offer a higher level of security. All routing and firewall operations are on the Savvis network, eliminating the need for the customer to provide a supplemental security infrastructure.

Internap Network Services Corp.
Seattle
www.internap.com

Like Virtela, Internap offers its VPN service on top of existing carrier networks. Internap has access-point facilities in eight cities and, like Virtela, offers intelligent routing-optimization technology.
-Dan Verton
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Gain an unfair advantage. 


Subscribe to Windows Advantage — FREE. And get a head start on the competition. 


~ COMPUTERWORLD 


CUSTOM PUBLISHING 


Microsoft COMPAQ 


www.windowsadvantage.com/300 





Windows ADVANTAGE.com 


For IT leaders managing Windows on: Compaq Solutions


@ careers.com 


Senior Oracle Applications 
Database Administrator sought 
by company in Boulder, CO 
specializing in professional 
consulting services to work in 
various unanticipated job sites in 
the US. Responsible for technical 
aspects of installing and imple- 
menting Oracle applications, as 
well as architecture design 
& review. Design & develop 
customization & interfacing 
to legacy data, upgrading to 
accommodate recent software 
releases, database tuning, system 
sizing & database administration 
Responsible for designing & 
developing interfaces of the 
standard Oracle application with 
other available processes. In 
UNIX & Windows NT environ- 
ments, use Designer & Develop- 
er 2000, including Oracle Forms 
4.5, Oracle Reports 2.0 & 2.5. 
SQL* Plus, PL/SQL, SQL*
Loader Tools, & Oracle Applica- 
tions 11, 11.0.3. Requires master's 
or foreign equivalent in comp. 
sci., eng., or related field (incl 
civil eng.) plus 3 years of Oracle 
experience; or, a bachelor's 
degree or foreign equivalent in 
comp.sci., eng., or related field 
(incl. civil eng.) plus 5 years of 
Oracle experience; working 
knowledge of SQL* Plus, PL/ 
SQL, Oracle Forms 4.5, Oracle 
Reports 2.0 and 2.5, UNIX & 
Windows NT. 8am-5pm, M-F 
$95,000/yr. Respond by resume 
to James Shimada, CO 
Dept. of Labor & Employment, 
Employment & Training Division 
Tower II, #400, 1515 Arapahoe. 
Denver, CO 80202, & refer to 
Job Order Number CO5007286. 


SOFTWARE ENGINEER 


Experienced in the complete software development life cycle including analysis, design, code, test, and documentation. Essential skills: strong background in C++, computer networking, object-oriented design techniques, multi-threaded programming, communications protocols (IP, TCP, UDP), Visual Studio, network programming, MFC, Winsock.

Requires BS in CS/Math/EE or a related discipline and minimum of 2 years software development experience utilizing the essential skills above. Assembly level programming required. Prefer MS and knowledge of financial markets and data. Proof of right to work in the US required.

To apply send resume and cover letter stating Code: ITC, to Human Resources, CQG, Inc., 1050 17th St., Ste. 2000, Denver, CO 80265. EEO


F/T Software Support Engineer
Provide online technical support for Advanced Planning & Scheduling/Supply Chain Management software. Enhance & research manufacturing scheduling issues for customers. Assist customers w/the development, customization, implementation & modifications of database. Analyze software technical problems. Debug applications, fix errors in software & enhance. Must work w/ manufacturing scheduling systems, Visual Basic, Visual C++ & SQLPlus, Microsoft Access, SQL server & Oracle. Must have Bachelor's degree in CS, Comp. Info. Systems, Business Admin. w/concentration in Management Info. Systems or related field. Foreign degree equivalent accepted. Educational or work background must have included the above-referenced skills. Salary: $71,400. Send resume to Jim Pearce, Thru-Put Corporation, 2099 Gateway Place, Ste. 240, San Jose, CA 95110.


Askme Corp seeks Sr. S/W Engr-lead for Seattle: DESC: Dsgn, dev & test web enabled app's util Java, ASP, VBScript, JScript, XML, & Win o/s. Dev & impl test tools, test scripts, & test plans to ensure products & components meet perform & dsgn spec's. REQ: MS or BS in Engr, C.S., Math or Phys + exp dsgn, dev & test commercial s/w util HLL Win o/s & prov sys & netwrk admin & security util TCP/IP & netwrk protocols; 2 yrs exp in internet prog util Java, JScript, & VBScript. Prem. sal. avail + bon. & benes. DOE. Pls send resumes to N.Wright, 3290 146th Place SE, Suite D, Bellevue WA 98007 & refer to job # NW-103


SAP Systems Analysts/ 
Programmers 
Analyze user-requirements, pro- 
cedures & problems to integrate 
& customize SAP's client-server 
software systems for clients 
Based in San Francisco; some 
travel (employer paid) 
Send resume to: 
Global Enterprise Solutions, Inc.
4040 Civic Center Drive, Ste. 200 
San Rafael, CA 94903 


Sr. Director of SW Development 


Will lead SW engineering teams 
in the design & implementation 
of network management and 
SW embedded applications 
for high-speed packet switches. 
Requires MS degree, 6+ yrs 
experience w/NMS, OOD, data 
switching, and 3+ yrs of mgt 
experience. (code CB01) 


Lantern Communications 
211 River Oaks Parkway 
San Jose, CA 95134 
hr@lanterncom.com 


Software/Hardware Consulting: Various locations in US. SW Engr. Prog/Anlyst, DB Devp & Admin. Tech Supp. Syst & Netwrk Admin/Anlyst, Hdwre Design & Dev., MIS, etc. Req. MS/BS + exp. Exlnt pay & benes. Send copy of this ad + your resume to Dir. Recrmnt, CompuWizards, 1301 Ygnacio Valley, #101, Walnut Creek, CA 94598, or visit www.compuwizardsusa.com


MARKETING RESEARCH 
DIRECTOR for designer, 
manf/support of project 
mgmt, resource & financial 
planning software company. 
Send resume to: Fo Harris 
Business Engine 430 N 
Vineyard Ave 4th Floor 


Ontario, CA 91764 


Call your 
ITcareers Sales 
Representative 

or Janis Crowley 


1-800-762-2977 




Microcomputer Support Specialist for Comp S/ware Co, configure, install, modify & make minor repairs to comp hardware, peripheral components & s/ware systm to fit client's needs, answering client questions & training systms users. Frequent overnite travel reqd throughout NW States to client sites. Bach in Comp or equiv, 2/yrs exp. req., 9A-5P, 40 hrs/wk. Send resume to: Eclipse, Inc., 100 Beard Sawmill Road, Ste 210, Shelton, CT 06484. Attn: A. Crocco.


Getty Images seeks DB Developer for HQ office in Seattle. DESC: Dsgn, dev, & impl RDBMS & internet/web imaging apps. util. SQL, PL/SQL, VB, & COM on WinNT o/s. Perform data mining & warehousing to gen. reports & data summaries on website downloads, traffic, transactions, & purchases. Provide Oracle dev. support w/in Oracle Financials & HRIS sys. REQS: BS in Engr, CS, Math, or Physics +2 yrs. of exp. dsgn. & impl. Oracle RDBMS & Oracle financial & HRIS modules & apps. util. SQL, PL/SQL, & VB on UNIX & WinNT o/s. Prem. sal. + benes. Pls. reply to D. Brown, Job#GI-101, 601 N 34th ST, Seattle, WA 98103.


Computers. ITGSSI has openings 
in Culver City, CA for software 
project managers & engineers. 
BA/BS (or equiv) req'd + exp in 
C++ & OO methods. Managers 
req 2 yr exp design complex 
large scale software projects 
Fax resume to 213-270-7983 or 
email to hr@itgssi.com. No calls. 


PurchasePro seeks Sr. Prod Engr for Las Vegas, NV office

DESC: Wrk w/ Sr. execs & depart mngrs to dev new strat's & initiatives for prod dev, marketing & sales. Serve as tech lead for s/w engring teams to resrch, enhance & maintain strat sourcing s/w prod's. Dsgn & dev app interfaces to integrate var B2B market places. REQS: BS in C.S. + exp in dsgn, dev, impl & optim full life cycle enterprise, c/s & internet based app's & progs util Oracle RDBMS, PL/SQL, C++, Java prog tools, XML, Designer/2000, Unix & NT based platforms. Exp may be gained concurrently. Pls send resumes to O.Boyd, OB-101, 7710 W. Cheyenne Ave, Las Vegas, NV 89129


Full time Senior Analyst responsible for analyzing and accessing current standards, languages and implementation strategies for streamlining and use for clients. Develop test case scenarios and build scripts as necessary to support the Software Quality test environment. Perform bench marking analysis between different language approaches and identify client system requirements. Design and develop system and user workflow models and system processing modules. Must have a bachelor's degree in CS or any engineering discipline. Must have 2 yrs of exp. in the job offered. Salary $73,430/yr. Send resume to: Hubert Bares, Intec Telecom Systems, 2711 LBJ Freeway Ste. 512, Dallas, TX 75234


Computer/Info. Systems 


Information Systems 
Professionals 

To lead team analysis, problem 
solve for major projects, mentor 
junior level engineers, serve as 
senior architect for design and 
technical implementation of pro- 
jects; coordinate and manage 
team of professionals to ensure 
timely and high quality delivery 
of product; oversee the imple- 
mentation, integration, design, 
coding, testing and documentation 
of custom application software; 
evaluate user requirements and 
consult with design, coding, test- 
ing and documentation of custom 
application software; evaluate 
user requirements and consult 
with design team to identify 
current procedures and needs; 
manage the support and training 
of end-users. Technologies/Plat- 
forms used include UNIX, 
Windows NT, SQL Server, or 
Oracle using SQL, C/C++, Visual 
Basic, Java, Cobol and other
appropriate programming lan- 
guages in Client/Server, Network 
and Mainframe environments. 
Must have a Bachelors degree in 
information systems, computer 
science, engineering or related 
field. Send resume to: Human 
Resources, Knightsbridge Solu- 
tions, 500 W. Madison Ave., 
Suite 3100, Chicago, IL. Email
knightsbridge@hiresystems.com
Code: 444. EOE


Full-time Programmer Analyst 
position available. $45.00 per 
hour. Job Duties include: Design- 
ing, developing, and maintaining 
AS400 programs (using COBOL 
and DB2) to extract data from 
Student Information Management 
Systems for Data Warehouse; in- 
corporating data into E-Scholar 
Database; analyzing, reviewing 
and rewriting programs to adapt 
the AS400 to requirements for 
use district wide in school ad- 
ministrations. Web development 
work also required, including 
web design as well as writing 
various software programs, in- 
cluding a conversion program 
from IBM 4381 mainframe to the 
AS400, utilizing COBOL, JCL 
and DB2. Bachelor of Science 
Degree required with a major in 
Computer Science/Engineering 
or the equivalent. Experience on 
AS400 Platform using COBOL. 
JCL and DB2, and SDLC princi- 
ples and procedures required 
Prior job experience of a minimum 
of 3-4 years required. Please 
submit resumes with social 
security number to the Indiana 
Workforce Development, 10 N 
Senate Avenue, Indianapolis, IN
46204-2277, Attn. Mr. Tim
Lawhorn. Include ID #8137958


Technical Services Engineer needed by a Computer Service & Integrator company in Lincolnwood, IL. Must have an Associate Degree in Computer Science with 1 yr. exp. in computer technical support with Microsoft Certified Professional Certificate. Respond to: President, Compuelectronics, 6512 North Lincoln Ave., Lincolnwood, IL 60712


NETWORK ADMINISTRATOR 
wanted by 3rd party insurance 
administrator in Houston, TX 
Respond by resume to President, 
S/R-10, Managed Healthcare, 
Inc. 5300 Hollister, Ste 320, 
Houston, TX 77040. 


Software Engineers for mid and 
advanced level positions with 
B.S/M.S. degree in CIS. Object 
oriented tech., Visual C++, ATL 
COM, MFC, Win 32 API skills. 
Send resume to STS, an NSB 
Company, 400 Venture Dr. 
Lewis Center, OH 43035, 
Attn: Jess Ramey or e-mail 


to jramey@nsb-us.com


G Systems, a custom system 
integration co., seeks Project 
Engineers to: design/dev. custom 
s/w applications for test, 
measurement, & control systems
using LabVIEW, LabWindows,
& C/C++; perform engineering
design validation/integration
projects, product test, quality 
assurance, and repair; provide 
tech support for bid research/ 
preparation. Requires B.S. degree 
(EE/CS/ME) + 2 yrs. exp. Send 
resumes to hr@gsystems.com 
and ref. Code PEZ01 


ITEC seeks Programmer 
Analysts available to relocate to 
various unanticipated worksites 


across the United States 


Send resumes to Fritz Smith at fritz@itbcusa.com, or mail to


ITEC 
17752 Preston Road, Suite 202 


Dallas, TX 75252 


Process Development 
Specialist 


BP is looking for a Process 
Development Specialist with 
a Master's of Science in 
Information Management with 
a minimum of 3 years 
experience in the job offered 


To apply, send resume and 
salary history BP, Attn: John 
Diendorf, 150 West Warrenville 
Road, MC L-2, Naperville, IL 
60563-8460. Fax: 630-961- 
7948 Email: diendojr@bp.com: 
Visit www.bpfutures.com for 
more information. EOE 





Programmer Analyst (Multiple 
positions, St. Louis, MO) will 
analyze, design, test and implement
various modules of information
management system
utilizing Logic and Information 
Network Compiler (LINC), LINC 
Design Assistant (LDA) and 
Unisys database management 
system (DMS). Require BS/BA 
or the equivalent in Comp. Sci, 
Engr., Math. MIS or in a closely 
related field. Mon-Fri., 8-5. Com- 
petitive salary. Send resume to: 
Ms. Karen Lowry, HR, Government 
e-Management Solutions, Inc., 
121 Hunter Avenue, Suite 100, 
St. Louis, MO 63124, No call / 
EOE 


SOFTWARE ENGINEER wanted 
by consulting & Software firm in 
Houston, TX. Must have Master's 
in Comp. Sc. or Comp. Engring 
plus 1 yr. exp. Multiple openings. 
Respond by resume to: Director, 
Product Development, J/H-#10, 
Lukens Energy Group, Inc.,
2100 W. Loop S., Ste 1300, 
Houston, TX 77027 


IT careers and 
IT careers.com 
reach more than 
2/3 of all US IT 
workers every 
week. If you 
need to hire top 
talent, start by 
hiring us. 


Call your 

IT careers Sales 
Representative or 
Janis Crowley at 
1-800-762-2977. 


ITCAREERS 


where the best 
get better 


IT careers.com 


Solid results, record speed --IDG Recruitment Solutions. 


Call Janis Crowley at 1-800-762-2977
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IT Careers in Security 


Every cycle of the economy tends to produce some opportunity, and such is the case with information technology security. Even prior to Sept. 11, companies were examining how to stage themselves for a new understanding of business conducted via 1s and 0s. With the addition of national security to the mix, IT security represents one of the most formidable areas of growth for IT careers for 2002.

Jerry Lewis, a partner in Dallas with PricewaterhouseCoopers, says the IT security business has been picking up for the past eight months. “With the slowdown in the economy, a lot of companies are stepping back and looking at what they want in terms of their long-term position with e-business,” says Lewis. “For many, that means developing a security infrastructure that will support growth.”

According to Lewis, IT security was viewed, in the past, as a back office operation. That has changed, as security and identity management have become crucial aspects of an e-business operation. Similarly, government agencies are pushing the envelope in establishing identity recognition and management systems for


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everything from basic public agencies to airport 
security. Identity management includes authentication, authorization and managing access of employees and business partners.

And, while security is the critical focus, Lewis says IT security has other uses. “Companies need to be able to take advantage of what security and identity management can do for them as a component of their e-business strategy. They need to be able to leverage the information and capabilities enterprise-wide,” Lewis explains.

PricewaterhouseCoopers has long had a dedicated security practice within its Global Risk Management Solutions unit. The group focuses on analyzing, designing and implementing identity management solutions. The dynamic situation in identity management and IT security is presenting new opportunities. “We will double the size of our group over the next 18 months,” Lewis says. “We'll be hiring at all levels, from detail technical architects to individuals who are experienced with IT security management. In addition to the strong IT skill sets traditionally needed, we look for people with a strong understanding of business processes and operation.”

For more job opportunities with IT security firms, turn to the pages of ITcareers.

* If you'd like to take part in an upcoming ITcareers feature, contact Janis Crowley, 650.312.0607 or janis_crowley@itcareers.net.

* Produced by Carole R. Hedden

* Designed by Aldebaran Graphic Solutions
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Purdue University 
Faculty Positions 
Computer Information Systems 
& Technology 
Purdue University's Department 
of Computer Technology invites 
applications for two or more 
tenure-track, assistant professor 
positions at its West Lafayette 
home campus and various 
statewide outreach campuses. 
beginning in August 2002. The 
department's mission focuses 
primarily on teaching, educa 
tional scholarship (not basic or 
applied research), and industry, 
professional outreach. The West 
Lafayette position exists in the 
area software development using 
Java, Visual Basic and web 
scripting languages for object- 
oriented, component-based 
Internet, and client/server infor- 
mation systems, with some data 
base experience desirable. West 
Lafayette candidates must par- 
ticipate in both undergraduate 
and graduate education assign- 
ments. Candidates for statewide 
outreach positions should be 
able to teach a variety of
foundation courses in end-user
computing, application programming,
database systems
analysis and design, and data
communications. All candidates
must have an earned Masters 
Degree in a relevant field (the 
doctorate is not a requirement 
for employment, promotion, or 
tenure for these positions). All 
candidates should have at least 
three years of full-time, relevant 
industrial experience in informa 
tion systems and business com- 
puting. Prior teaching experience 
is also preferred. Applications 
will be accepted until the position 
is filled. Send a detailed resume 
and academic transcripts to CPT 
Search and Screen Committee 
Ad Code CW, Department of 
Computer Technology, Purdue 
University, 1421 Knoy Hall 242 
West Lafayette, IN 47907-1421 
Questions should be directed to 
Professor Jeffrey L. Whitten 
(West Lafayette) at phone (765) 
494-4545, or on the Internet 
at jlwhitten@tech.purdue.edu.
Purdue University is an equal 
opportunity, affirmative action 

employer 


SOFTWARE ENGINEER to de 
sign, develop, implement, test 
and maintain application software 
systems in a client/server envi 
ronment using C++, Visual C++ 
Visual Basic, MS SQL, ASP
and COM under Windows 2000 
operating system; Create triggers 
and stored procedures. Require 
M.S. degree in Computer Science 
an Engineering discipline, or a 

related field with two 
years of experience in the job 
offered. Extensive travel on 
assignment to various client 
sites within the U.S. is required. 
Competitive salary offered. Send 
resume to: Priti Darji, Human 
Resources Manager, Charter 
Global Services, Inc., 5445 
Triangle Parkway, Suite 190 
Norcross, GA 30092; Attn 
Job YM 


Systems Analyst to analyze 
user requirements, procedures 
and problems to automate 
processing or improve existing
computer system. Should be 
technically sound with hands on 
experience in building Client- 
Server applications and distrib- 
uted applications using, Visual 
Basic, Oracle & SQL Server on 
Windows platforms. Bach. Degree 
in Inf. Sys, Eng or Comp. Sci and 
2 yr. Exp. 

Software Engineer to research 
design and develop computer 
software systems in conjunction 
with hardware product develop: 
ment. Should be technically 
sound with hands on experience 
in building Client-Server appli- 
cations and distributed applica- 
tions using C++, Power Builder 
Visual Basic, Oracle & SQL 
Server on Windows NT/95/98 
platforms. Bach. in Comp. Sci or 
Eng. and 5 yrs. Exp. Or Master 
and 3 yr. Exp. Send resume to 
Pyramid Consulting Inc. 5335 
Triangle Parkway, Suite 510 
Norcross, GA 30092 


COMPUTER/IT 

Software Engineer/Developer 
Req. Master's degree in Math. or 
Comp. Sci. w/ advanced math
coursework & 4 yrs.’ exp. in the
job offered or 4 yrs.’ exp. in devel
of computer systems. All of exp.
must involve complex program- 
ming solutions utilizing complex 
math equations and formulas; 
Rational Unified Process utiliz 
Unified Modeling Language and 
Database Design Tools; and 
devel. of NTier architecture 
systems. At least one yr. of stated 
exp. must have involved serving 
as lead developer for a securities 
lending system. Direct and coor- 
dinate, as lead developer, all 
technical aspects of the devel- 
opment of company’s securities 
lending system, Metropolitan 
Enterprise Transaction System 
(METS). Prepare specifications 
for proposed computer system 
including developing use case 
models and use case scenarios 
using Rational Unified Process 
utilizing Unified Modeling Lan- 
guage and Database Design 
Tools. 40 hours/wk. Apply with 
resume to: Michelle Eyink, 
Human Resources Manager. 
Metropolitan West Securities. 
LLC, 11440 San Vicente Boule- 
vard, 3rd Floor, Los Angeles, CA 
90049. 


MAGNA INFOTECH, a fast 
growing consulting company is 
looking for Programmer/Analysts, 
Software Consultants and Soft- 
ware Engineers with experience 
in one or more of the following: 
ERP: SAP, Baan Implementa- 
tion, Tools, Admin 

UNIX: C, C++, Shell, AIX, HP- 
UX, Solaris Admin, Networking 
AS/400: RPG/400, COBOL/400. 
CL, BPCS, JD Edwards, Synon 
WINDOWS: VC++, VB, PB. 
MFC, OLE/COM, Admin 

REAL TIME: Microprocessor. 
RTOS Programming 
INTERNET: Java, Javascript 
CGI, Perl, WAP, Admin, Active X 
ASP 

DATABASE: Oracle, Informix
Sybase, DB2 Admin Developer 
2000, Designer 2000 

Sales Manager/ Marketing 
manager: must have at least 2 
years of Sales experience, B.A 
degree or foreign equivalent 
degree and basic computer 
skills 

Multiple positions exist at various 
sites across the US. 

If you are interested please mail
your resume clearly mentioning 
the reference number: CW12-01 
to:Attention Recruiting Dept., 
Job Ref. CW12-01, Magna 
Infotech Ltd., 1 Padanarani 
Rd., Suite 208, Danbury, CT 
06811-4833 


PROGRAMMER/ANALYST to 
analyze, design, develop and test 
middleware platform to enable 
EAI, B2B interoperability and
EDI using J.D. Edwards OneWorld 
Xe, COM/DCOM, CORBA, Java 
and MQSeries; Design and 
develop security layer for com- 
merce portal using siteminder 
Develop billing adapter for legacy 
systems around AS/400 based 
applications; Analyze, implement 
and customize various applica- 
tions in Distribution, Logistics. 
HR, Payroll and Financial suites 
using J.D. Edwards OneWorld
ERP package. Require: B.S. de- 
gree in Computer Science, an 
Engineering discipline, or a 
closely related field with two 
years of experience in the job 
offered. extensive travel on 
assignment to various client 
sites within the U.S. is required. 
Competitive salary offered 
Apply by resume to: Michael A 
Dixon, Manager, HR, Paramount 
Software Solutions, Inc., 3350 
Riverwood Parkway, Suite 1900 
Atlanta, GA 30339; Attn: Job MK 
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M.1.S. Consultant. Consult with 
new and existing hotel and 
restaurant clients to determine 
software & hardware needs 
Develop & implement proprietary 
software systems using client 
server technology & object- 
oriented methodology. Train 
users on site. Tools: Compaq 
Server; SQL Server; Visual 
Basic; Oracle. Bachelor's* in 
M.I.S. or Business + 2 yrs. exp.
in job offered or as Systems
Analyst. (*Will accept three yrs.
undergraduate study + 1 yr. exp. 
in Management Information Sys- 
tems.) Prior exp. must include 
SQL Server; Oracle. 25% travel 
req'd. 40 hrs/wk, 9am-5pm, 
$65,000/yr. Applicants must 
show proof of legal authority to 
work in the U.S. Send 2 copies 
of resume & cover letter to Illinois 
Dept. of Employment Security, 
401 S. State St.-7 North, Chicago, 
IL 60605. Attn: Brenda Kelly. 
Ref# V-IL 27079-K. Employer 
Paid Ad. No calls 


SENIOR SOFTWARE ENGI 
NEER to design, develop, test 
implement, maintain and support 
business critical credit card 
application software using TSO/ 
ISPF, VS COBOL II, VSAM, JCL
DB2, Expediter, File-Aid, REXX 
Easytrieve, OPC, Infoman and 
Changeman on MVS ESA 
platform; Supervise and mentor 
junior programmers and engi- 
neers. Require: M.S. degree 
in Computer Science, an Engi- 
neering discipline, or a closely 
related field with two years of 
experience in the job offered 
Competitive salary offered. Send 
resume to: Debra L. Crow, 
Citibank Universal Card Services, 
8787 Baypine Road, Jacksonville, 
FL 32256; Attn: Job MM. 


ENGINEERING 

Associate Staff Embedded S/W Engineer, Settop Systems. (Lawrenceville, Georgia). Requires a Master's degree in electrical engineering or computer science, and 3 years’ experience in the job offered or 3 years’ experience in the development of embedded software for real-time, multitasking operating systems in a client-server environment using C, C++. All stated experience must include work with the following: architecture, design, coding, and debugging of systems-level applications in a multi-processor environment; UDP and TCP/IP protocols and use of ports in an IP network; writing test plans for unit test, integration, and certification stages of testing; device driver development in an interrupt-driven environment. (Experience may be gained prior to completion of degree.) Must be able to travel up to 25% of working time. Develop embedded software for real-time, multitasking operating systems in a client-server environment using C, C++. Engage in architecture, design, coding, and debugging of systems-level applications in a multi-processor environment. 40 hrs./wk. 8:00-5:00. Salary range $67,050/yr. to $77,500/yr. depending on education and experience. Apply with resume to Robin Larkey, Scientific-Atlanta, Inc., 5030 Sugarloaf Parkway, Lawrenceville, Georgia 30044. EOE.


System Analysts needed. Quantitative Risk Management, Inc., a Chicago, IL based company, is currently seeking qualified candidates who possess a BS degree or equivalent and have relevant work experience. Responsibilities include designing and developing complex database systems; work with COM/DCOM and UI Programming with Visual Basic, Visual C++, SQL Server or any other RDBMS and OLAP. Send resumes only, no calls to: Corporate Staffing, Attn: MK, QRM, Inc., 181 W. Madison St., 49th Floor, Chicago, IL 60602.


COMSYS is an established IT consulting firm that serves leading corporations including 174 of the Fortune 500. With COMSYS, you get: Extensive Benefits, Additional Compensation for referrals, and Professional Challenges with training and assignments to keep you at the forefront of technology. With over 30 offices, we need the services of experienced consultants across the US:

* Computer Programmers
* Programmer Analysts
* Systems Analysts
* Software Engineers
* User Support Specialists
* DBA's
* Business Analysts
* Project Leaders

Submit resume to:

COMSYS
3030 LBJ Freeway
Suite 905
Dallas, TX 75234
www.comsys.com

Fax: 972-960-0914
EOE/M/F/DV


Computer Service Specialist IV - Analyze comp. service req., recommend/install/configure alt. automated solutions. Install/configure/customize/troubleshoot hardware/OS (Win2k/WinXP/MacOS X/SGI/Sun/Linux), network equip. (wireless dev/bridges/switches/routers), servers (web/email/file/backup). Code/test web-based soft (XML/DHTML/Java/Perl). Design/develop doc. for soft/hardware. Develop training prog. BS Comp. Sc., $40,893./yr, 40hr/wk, 8-5 M-F. Must have proof of legal authority to work in the U.S. 2 Res. in person or by mail to: # GA 7043758, GDOL, 788 Prince Ave. POB. 272, Athens, GA 60606-5902 or any GDOL office. An employer paid ad.


EQUANT operates the world’s largest private global telecommunications network, providing local access to 220 countries and territories. Our market success has created the following opportunities in our Atlanta, Dallas and Reston, Virginia locations:

* Telecommunications Asset and Inventory Manager
* Procurement Analyst
* Technical Consultant
* Network/System Support Engineer/Analyst
* Telecommunications Engineer
* Customer Support Specialist / Telecom

For immediate consideration please send resume to: Equant, Attn: Human Resources, 2250 E. Imperial Highway, Suite 535, El Segundo, California 90245.


STAFF SOFTWARE ENGINEER (position located in Atlanta, GA) to analyze, design, program, debug and modify local, network or internet related computer programs for materials management, financial mgt., HRIS or desktop applications; Write code, complete programming, and perform testing and debugging of applications. Require: Bach. degree (or foreign equivalent) in Computer Science, Information Systems, Physics, or a closely related field, with 1 yr. of exp. in the job offered or as a Software Applications Developer or Programmer/Analyst. Competitive salary and benefits. Hours: 8-5, M-F. Send resume to: KM-HR, CheckFree Services Corporation, 6000 Perimeter Drive, Dublin, OH 43017; ATTN: Job SM (No Phone Calls Please).

RK Management Consultants, Inc. seeks experienced Certified Showcase, Essbase consultants who have strong experience in AS/400, Showcase, DB2 OLAP, RPG/400, Silvon, CL/400, VB and Oracle. Frequent travel/relocation required. M.S or equal or B.S or equal C/S or Engg, or Math or Foreign equivalent of exp/educ accepted. Send or email resume to HR Dept, Oakbrook Terrace Tower, One Tower Lane, Suite 2540, Oakbrook Terrace, IL 60181, or raj@rkmcinc.com.


Multiple openings for s/w Eng/Consultants, Programmer Analysts, Project Leaders/Managers, Account/Product Manager, Systems/Management Analysts, Web Masters/designers and project engineers. Some positions require Bachelor (or equiv.) while others require (or equiv.) in CS, Engg, Math, Bus Admin or related field. We will accept the foreign equiv. of req'd edu. and/or its equiv. in edu & exp. Exp will depend on position. Send resume to JRD Systems, 42524 Hayes Rd, # 100, Clinton Twp, MI 48038.


Abacuss Software Technologies, LLC, seeks IT professionals with industry exp. (various skills combination reqd.) in ClearCase, Clearquest, RUP, J2EE, JSP, Servlets, C++, SQL Server, Sybase, DHTML, Netdynamics, Websphere, etc. Some positions require MS or equiv. CS, Engg., Math, Bus. Admin. or rel. field. Others require BS or equiv. as above. Pay matching exp. Foreign educ. equiv &/or combination of educ/exp. accepted. Travel/relocation reqd. Resume only to 1970 Cliff Valley Way, Suite 100, Atlanta, GA 30329.
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Trading 


Many IT executives attending a special Wall Street breakfast meeting on the topic last week answered yes.

“The business case is $18 billion in savings over five years [for the industry],” said Steven Crosby, special adviser to GSTP AG, a Switzerland-based operating company for the Global Straight Through Processing Association (GSTPA). “This is about operational risk in the marketplace. Trades fail because [the information] is dirty.”

Crosby was joined at the meeting by IT executives from New York-based Lehman Brothers Holdings Inc. and Paris-based Societe Generale Group. The IP-based network is expected to go live by June, said Crosby. The final phase of the pilot will take place through March and involve real trade data being exchanged among Wall Street firms across a virtual private network.

Thirty-three financial services firms, including BNP Paribas Private Bank in France, The Bank of New York Co., Goldman Sachs Group Inc., J.P. Morgan Chase & Co. and Credit Suisse First Boston Corp., have been piloting the utility since June.

Once coding of the system is completed in the next few months, GSTP’s model will be capable of matching trades in 30 minutes, said Crosby.

But as recently as October, the Securities Industry Association moved the target date for the launch of T+1, or trade plus one day clearing, from 2004 to June 2005, citing the Sept. 11 attacks and the fact that many brokerage houses and banks are focusing more on business continuity planning than on shortening settlement times.

That leaves many IT managers skeptical about whether T+1 is viable, never mind T+0, or same-day settlement.

“We’re trying to discover why trades are being held up. You need to look at all the interfaces making that happen,” said Denis Kosar, vice president of global databases and architecture at Salomon Smith Barney Holdings Inc. “One problem is a lot of brokerage houses haven’t done a good job in workflow analysis.”

Drew Hiltz, CIO at French bank CDC Ixis’ North American operations, said going from three days to a single day for clearing and settlement would alleviate credit risks created by waiting for banks to clear transactions. But there must be a meaningful ROI to do it, Hiltz added.

“It can be done, but the question is, Should we do it?” he said. “I don’t know. I think the business guys need to figure that one out.”

Crosby agreed, but he argued that financial services firms still must tie together their respective IT infrastructures with middleware and adopt a common messaging format, regardless of whether the industry moves to

to experience rates of message failure on high-volume trade days.

“This is not about a date on a calendar,” Crosby said. “People who are not making that kind of IT investment will eventually start losing market share. They will be acquired.”


The Skinny on Trade Settlement

* T+3 means “stock trade plus three days” for clearing and settlement.

* Currently, payments take three days to clear because IT and the reporting systems aren't robust enough to handle anything faster.

* The financial services industry had planned to move to T+1 settlement by 2004, but the Securities Industry Association recently moved that target date to June 2005.

* Some in the financial services industry feel it's just as easy to move from T+3 to same-day clearance, or T+0, as it is to move to T+1.

* Wall Street needs to upgrade its technology infrastructure and business processes that link brokerages, clearinghouses and banks, providing a nonstop flow of information from trade execution to settlement in order to handle real-time settlement.


Sun Won't Support Intel Chips in Solaris 9

Change in plans aims to cut costs

BY LEE COPELAND

Citing the need for cost-cutting measures, Sun Microsystems Inc. confirmed last week that it’s dropping support for servers based on Intel Corp.’s microprocessors in its upcoming Solaris 9 operating system.

Sun plans to ship Solaris 9 by midyear. Its Solaris 8 software supported both Sun’s own 64-bit UltraSPARC processors and Intel’s 32-bit Pentium chips. But Sun officials said the cost of porting Solaris 9 to both processor sets is too high under current business conditions, so the computer maker is giving Intel the boot.

“This is about focusing on the bottom line,” said Graham Lovell, director of Solaris product marketing. “Solaris Intel is not going away,” Lovell added. “We will continue to ship and support Intel chips on Solaris 8.”

But Lovell also said Sun hasn’t determined when or if it will continue development for the Intel chip set on Solaris 8. He estimated that it would take four to six months to complete that work, which would include updating the source code for peripheral products and new PC features.

In March 2000, Sun began offering Solaris 8 as a free download to customers with systems that had fewer than eight processors. Officials said that more than 1.2 million customers have downloaded the software and that most of them are using Solaris 8 on Intel-based systems.

“Sun is looking at a changed market, where they must be more prudent in use of scarce engineering dollars and resources,” said Dan Kusnetzky, an analyst at IDC in Framingham, Mass. But Kusnetzky also said Sun’s share of the Intel-on-Unix server market was always slim and therefore too small to justify the continued expense.

Gordon Haff, an analyst at Nashua, N.H.-based Illuminata Inc., noted that many of the users of the Intel/Solaris software were educational users and hobbyists and that he doesn’t expect much negative feedback from corporate users about the Sun move.

“Solaris on Intel chips has not been a strategic offering from Sun for a number of years, but the easiest thing for Sun to do was to continue offering it,” said Haff. “Sun was looking for cuts that could be made without affecting strategic programs, and Solaris on Intel’s number came up.”

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Banks Migrate 
To Middleware 


Lehman Brothers has spent millions of dollars over the past year to replace its point-to-point communications infrastructure with a publish-and-subscribe messaging one using Palo Alto, Calif.-based Tibco Software Inc.'s middleware and messaging platform.

Peter Belina, vice president of real-time infrastructure at Lehman Brothers, said the investment bank is seeing ROI from the project in terms of increased efficiencies, better customer service and not having to hire 20 more IT workers to maintain an older IT system that it had used.

“Doing things point-to-point on a large scale just becomes unwieldy. When you have a point-to-point connectivity . . . it starts to break down at a certain level because you have to keep track of all the connections,” Belina said.

Lehman Brothers purchased six new servers for straight-through processing services, 60 servers for its new centralized routing infrastructure and 10 additional servers to support its applications. The firm has already migrated 15 major trading systems to the new infrastructure and implemented 25 new applications and 40 Tibco-based systems. It plans to complete the upgrade during the next two months.

Sylvain Pendaries, director of IT for capital markets at the New York-based arm of French bank Societe Generale Group, said it has completed an upgrade similar to Lehman Brothers’ using Tibco software.

“I think one mistake everyone’s making is thinking T+1 or T+0 is a technical problem,” Pendaries said. “The information is available internally and externally. But the question is, Do you think your business processes are ready to handle the volume?”

- Lucas Mearian
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Security, Now! 


YOUR COMPANY NEEDS an IT security czar. Reporting security breaches should be mandated by federal law. And Congress should consider making software vendors liable for security holes in their software.

Those are the main conclusions of a report released last week by the National Research Council called “Cybersecurity Today and Tomorrow: Pay Now or Pay Later.”

“What?” you say. “A big push for improved IT security? Now? In the middle of a recession? Are these people crazy or what?”

No, they’re not crazy.

You should read this report. You don’t really have an excuse not to — the main body of the report is less than 6,000 words long, and it’s free on the Web at http://books.nap.edu/html/cybersecurity. It’s light on institutional jargon and heavy on useful information. It lays out an awful lot about why we've got the security mess we’re currently in, what’s standing in the way of fixing it, what hasn’t worked before and what should be done now.

It’s bluntly realistic about the reasons why businesses and government agencies have dodged the need for better IT security. As the report puts it: “Security is expensive, not only in dollars but especially in interference with daily work. It has no value when there is no attack. Consequently, people tend to use as little of it as they think they can get away with.”

And it makes no bones about the fact that there’s no conventional business case or ROI argument to push for better security: “One can’t count on financial and market incentives alone to drive appropriate action.”

In other words, security is something like Y2k — except with no do-or-die deadline to spur action. Like Y2k, the only reward for fixing security problems is that you get to stay in business. Except that in the case of security, zero hour isn’t Jan. 1, 2000. Zero hour only arrives if you’re attacked — which might never happen.

Six months ago, that fact alone probably would have guaranteed that any proposal to significantly beef up your security would never make it past your CEO’s desk.

But it’s not six months ago. And since Sept. 11, nobody believes security is still just a matter of dealing with e-mail viruses and hackers.

Since Sept. 11, it’s easy to see how cyberterrorists could amplify the effects of physical acts of terrorism. They could disrupt communications, sow confusion, misdirect rescue efforts — and cost lives. They could also hijack insecure systems to attack critical infrastructure.

Even your CEO can understand that. Which means that improving security doesn’t sound like such a crazy idea.

And ironically, right now — in the middle of a recession — is exactly the right time to go to work on the problem.

At most companies, there won’t be any major business initiatives for a while. Big IT projects are on hold. Things are slow. There are people and time available to do the work.

A recession is also when any business can least afford the cost of a major security catastrophe. And because many security improvements don’t involve capital expenditures — just a lot of time and work — they’re budget-friendly.

So improving your security, starting right now, is beginning to sound downright sane to people like your top brass.

Will you get that IT security czar? Not until budgets loosen up. And you won’t get to replace passwords with smart cards, or hire a team of outsiders to attack your systems and find vulnerabilities, or try some of the other more expensive recommendations in “Cybersecurity Today and Tomorrow.”

But there’s still plenty you can do. So read the report. Then start crafting a plan for improving your security — one you can implement right now — with a rationale your CEO can understand.

You may just find that, right now, there’s nothing crazy about that at all.

FRANK HAYES, Computerworld’s senior news columnist, has covered IT for more than 20 years. Contact him at frank_hayes@computerworld.com.


USER CALLS help desk - her spreadsheet keeps giving error codes, she says. Investigating, pilot fish spots the problem: User was entering telephone numbers into the spreadsheet. Fish types “123-4567” into a cell, and the “error code” that shows up is -4444. “See, when you subtract 4,567 from 123,” fish says gently, “you get -4,444.”

IMAGE FILES e-mailed from the European office won't open, user complains to tech pilot fish. Most likely, the attachment got corrupted, but user has his own theory. “It probably has to do with the difference in electricity,” he tells fish. “In Europe, they use 220 volts, and we use 110.”

AT HER FIRST Cub Scout meeting, IT pilot fish introduces her sons to another scout's dad. “Are you in programming?” asks the dad. “Yes,” fish answers. “How did you know?” He points to the troop number on the boys’ sleeves. “You zero-filled it,” he says - 0263 instead of 263.

PILOT PROJECT isn't going well - the servers require a reboot every six hours. Tech pilot fish is working on the problem when IT director decides to help. Peering over fish’s shoulder, director says, “There's the problem. ‘System Idle’ is eating up 98% of the resources!”

TROUBLESHOOTING a user's PC, pilot fish spots a nonbusiness file on her desktop. “It’s for a school course,” user explains. “I just downloaded it here so I can e-mail it home.” Why? fish asks. “Because it's a 300MB file, and it’s too slow to download it with my modem at home.” Fish reports, “It almost broke her heart when I told her she has to download that same exact file from the e-mail server with that same slow modem.”

Upload your story: sharky@computerworld.com. You can score a snazzy Shark shirt if your true tale of IT life sees print - or if it shows up in the daily feed at computerworld.com/sharky.


The 5th Wave

“Did you click ‘HELP’ on the MSN.com menu bar recently? It's Mr. Gates. He wants to know if everything's alright.”








You’re an IT professional, not an Internet traffic controller. 


Sick of saying “no” to co-workers’ online access requests? Let Websense Enterprise Web filtering software handle your Internet 
traffic control duties. Our customizable features save time and headaches. Whether you need to serve 50 or 50,000 users, 
manage Internet access by individual or group, or enable surfing at lunch or after hours, Websense gives you options. 

All in an easy-to-install and implement solution. Get the Web filtering software tested and trusted by more than half the Fortune 500. And put away that orange vest for good.

Stop by www.websense.com today for your free, fully functional 30-day trial.

WEBSENSE: EMPLOYEE INTERNET MANAGEMENT


NASDAQ: WBSN 
WEBSENSE INTEGRATES WITH LEADING INFRASTRUCTURE SOLUTIONS SUCH AS: 
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“Open Net Environment 


Sun™ ONE. The software platform that will unleash the untapped horsepower of your IT infrastructure.

What's the value of integrating your information assets? That's an easy one. More services, bigger savings, greater profits, right? You'll get better customer service, tighter supply chains and achieve increased productivity. Sounds great, so how do you do it? With Web Services? How do you wrangle those resources together without ripping out and replacing everything? Or without a massive development project? Or without crushing your bottom line? Oh yeah, and how do you make it future-proof, adaptable to whatever platforms, technologies or thingamabobs show up tomorrow? Sun™ ONE is the answer.

IT’S THE FUEL-INJECTED JAVA™ AND XML SOFTWARE PLATFORM.

Sun ONE is a software platform of rock-solid products that lets you integrate whatever services you demand. And you can leverage the power of your legacy systems to launch services today without locking you into a dead-end solution tomorrow. Sun ONE includes the iPlanet™ product portfolio, with the most popular LDAP directory server on the market, and Forte™ for Java™ tools, the quickest way to write Java apps anywhere. And it's all built with Java and XML technologies, supports SOAP, WSDL and UDDI, and runs on Solaris™, the #1 UNIX® operating environment.

Sun Microsystems





